Multiple reflected cross-site scripting (XSS) vulnerabilities were found in version 3.1.5 of Fork CMS, the open-source PHP and MySQL content management system. The flaws, tested on Windows XP and Windows Vista using Internet Explorer 9, were present in both the front end and the administrator panel.
In the 3.1.7 release, changes were made to the form.php file found in the backend, frontend and library folders. The header.php file from the frontend was also modified to make sure XSS attacks are no longer possible.
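The article names form.php and header.php as the files changed, but not how. The snippet below is an added illustration, not Fork CMS code, of the generic defect and fix behind a reflected XSS in a PHP form: a request value written straight into HTML versus the same value passed through contextual output encoding. The function names, the constructed sample input and the regression check are all assumptions made for the example.

```php
<?php
declare(strict_types=1);

// Added example, not Fork CMS code: a form field that reflects request input
// back into HTML, first as a reflected XSS sink and then with the output
// encoding that closes it. Function names and the sample input are constructed.

/** Vulnerable: the raw request value is concatenated into an attribute. */
function renderSearchFieldVulnerable(string $query): string
{
    return '<input type="text" name="q" value="' . $query . '">';
}

/** Encode for the HTML attribute context before output. */
function escapeHtml(string $value): string
{
    // ENT_QUOTES covers both quote characters so the attribute cannot be
    // broken out of; ENT_SUBSTITUTE avoids returning an empty string on
    // malformed UTF-8, which would otherwise silently drop the field value.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Hardened: same markup, but the value is escaped for its context. */
function renderSearchFieldHardened(string $query): string
{
    return '<input type="text" name="q" value="' . escapeHtml($query) . '">';
}

/**
 * Regression check a project can keep in its test suite: however the input
 * is shaped, the rendered field must still contain exactly one opening tag.
 */
function containsSingleTag(string $html): bool
{
    return preg_match_all('/<[a-z]/i', $html) === 1;
}

// Constructed input standing in for a hostile ?q= parameter: it closes the
// attribute early and injects markup of the sender's choosing.
$hostile = '"><i>injected markup</i><input value="';

echo renderSearchFieldVulnerable($hostile), PHP_EOL; // extra elements rendered
echo renderSearchFieldHardened($hostile), PHP_EOL;   // value stays inert text

assert(!containsSingleTag(renderSearchFieldVulnerable($hostile)));
assert(containsSingleTag(renderSearchFieldHardened($hostile)));
```

Run with `php -d zend.assertions=1 example.php` so the two assertions are actually evaluated; the first line of output shows the injected elements escaping the attribute, the second shows them entity-encoded inside it.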
The security holes were uncovered by Avram Marius Gabriel (d3vil) on December 13 and they were patched the next day.
Users are advised to update Fork CMS to the latest version to make sure they don't allow cybercriminals to execute arbitrary code.
Fork CMS 3.1.7 is available for download from the project's site.