MiaCMS Security Annoucements
You can subscribe to this living wiki page by adding this feed link to you favorite RSS Reader.
2008-08-27
MiaCMS SQL injection security report mentioned at http://secunia.com/advisories/31584/ is fixed. The reported exploits claim that input passed to the "id" parameter in index.php (when "option" is set to "com_content" and "task" to "view", "category", or "blogsection") is not properly sanitized before being used in SQL queries. The report is accurate and this problem is due to incorrect sanitization of the $id variable within the mod_socialbits.php file of the Socialbits module. We have corrected the issue and released a patch for 4.6.5 called MiaCMS_v4.6.5_SecurityPatch_1
It is strongly recommended that all users apply this update to their MiaCMS installation. Upgrade instructions are in the zip file.
Or alternatively, you can upgrade to MiaCMS 4.6.5 SP1.
2008-06-05
No security announcements are available at this time.
MiaCMS
