|
MiaCMS 4.6.5 Security Patch 1 Released |
|
|
|
|
Written by The MiaCMS Team
|
|
Aug 26, 2008 at 07:01 AM |
|
As you may or may not be aware, within the last day or two there has been a MiaCMS SQL injection security report making rounds on the web. We have taken time to carefully review the report and wanted to make you aware of our findings. The report can be found here for reference - http://secunia.com/advisories/31584/.
The reported exploits claim that input passed to the "id" parameter in index.php (when "option" is set to "com_content" and "task" to "view", "category", or "blogsection") is not properly sanitized before being used in SQL queries. The report is accurate and this problem is due to incorrect sanitization of the $id variable within the mod_socialbits.php file of the Socialbits module. We have corrected the issue and released a patch for 4.6.5 called "MiaCMS_v4.6.5_SecurityPatch_1". The patch file can be found on our main project downloads page (http://code.google.com/p/miacms/downloads/list).
It is strongly recommended that all users apply this update to their MiaCMS installation. There are upgrade instructions contained within the zip file. Thank you for your patience and understanding.
4.6.5 |
Project News 
