Users are advised to update to the latest version

Dec 21, 2011 09:31 GMT

Multiple reflected cross-site scripting (XSS) vulnerabilities were found in version 3.1.5 of Fork CMS, the open-source PHP and MySQL content management system.

The flaws, tested on Windows XP and Windows Vista using Internet Explorer 9, were present in both the front end and the administrator panel.

In version 3.1.7, changes were made to the form.php file found in the backend, the frontend and the library folders. The header.php file from the frontend was also modified to make sure XSS attacks are no longer possible.

The security holes were uncovered by Avram Marius Gabriel (d3vil) on December 13 and they were patched up the next day.

Users are advised to update Fork CMS to the latest version so that cybercriminals cannot use these flaws to execute arbitrary script code in users' browsers.

Fork CMS 3.1.7 is available for download here.