MiaCMS 4.6.5 Security Patch 1 Released
Written by The MiaCMS Team   
Aug 26, 2008 at 07:01 AM

As you may be aware, a MiaCMS SQL injection security report has been making the rounds on the web within the last day or two. We have carefully reviewed the report and want to make you aware of our findings. The report is available for reference at http://secunia.com/advisories/31584/.

The reported exploits claim that input passed to the "id" parameter in index.php (when "option" is set to "com_content" and "task" to "view", "category", or "blogsection") is not properly sanitized before being used in SQL queries. The report is accurate: the problem is caused by incorrect sanitization of the $id variable within the mod_socialbits.php file of the Socialbits module. We have corrected the issue and released a patch for 4.6.5 called "MiaCMS_v4.6.5_SecurityPatch_1". The patch file can be found on our main project downloads page (http://code.google.com/p/miacms/downloads/list).

It is strongly recommended that all users apply this update to their MiaCMS installation. There are upgrade instructions contained within the zip file. Thank you for your patience and understanding.
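For sites that were running unpatched, the access logs can show whether the affected route received non-integer "id" values. The following is an added example, not MiaCMS code: it assumes combined-format access logs, the function names are illustrative, and the sample log lines are constructed. It only sees query-string parameters, so values sent in a POST body are not covered.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Tasks named in the advisory for option=com_content.
AFFECTED_TASKS = {"view", "category", "blogsection"}

# Request line inside a combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_id(url):
    """Return the decoded id value if the request hits the affected route
    with an id that is not a plain non-negative integer, else None."""
    parts = urlsplit(url)
    if not parts.path.lower().endswith("index.php"):
        return None
    q = parse_qs(parts.query, keep_blank_values=True)
    if q.get("option", [""])[-1].lower() != "com_content":
        return None
    if q.get("task", [""])[-1].lower() not in AFFECTED_TASKS:
        return None
    for value in q.get("id", []):
        if not re.fullmatch(r"\d+", value):
            return value
    return None

def scan(lines):
    """Return a list of (line_number, id_value) for each flagged log line."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if m:
            value = suspicious_id(m.group(1))
            if value is not None:
                hits.append((n, value))
    return hits

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Aug/2008:10:01:02 +0000] "GET /index.php?option=com_content&task=view&id=12&Itemid=2 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [25/Aug/2008:10:03:17 +0000] "GET /index.php?option=com_content&task=category&id=3%27 HTTP/1.1" 200 812',
    '192.0.2.44 - - [25/Aug/2008:10:03:19 +0000] "GET /index.php?option=com_content&task=blogsection&id=0+OR+1%3D1 HTTP/1.1" 200 9001',
    '192.0.2.10 - - [25/Aug/2008:10:04:00 +0000] "GET /index.php?option=com_search&id=abc HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for n, value in scan(SAMPLE_LOG):
        print(f"line {n}: non-integer id {value!r}")
```

A flagged line means the request warrants a closer look, not that it succeeded; legitimate traffic to these tasks normally carries a numeric id.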

