PHP CMS Reviews

PHP CMS Reviews - News: AdaptCMS 1.3 Security Fix Released

Wed, 08 Oct 2008 05:03:05 CDT

The Insane Visions team has issued an urgent security fix for AdaptCMS Pro/Lite 1.3. The security issue was a matter of SQL Injection vulnerability and they say that hashes were possible to get, but not passwords themselves. They recommend downloading and applying this patch immediately.

"For the first time with AdaptCMS, Insane Visions has issued an urgent security fix. This recent security hole was discovered by the group at Milw0rm. Upon hearing about this security hole we immediately fixed the problem in a matter of minutes and are now issuing this fix.

The Security Hole was related to the new "Check User" feature in AdaptCMS Lite 1.3 and AdaptCMS Pro 1.3. When signing up you would enter the username desired, once moving to the password field a box would appear saying whether the username was taken or not. The issue was the PHP that checks to see if the username is taken did not use any safe guards incase of SQL injection. The worst consequence is the stealing of the MD5 hash of a users password but NO passwords themselves were vulnerable to this problem.

This fix is simply one file which goes into the "includes/" folder. We recommend that all AdaptCMS Lite users upload this fixed file immediately. Thank you."

Links: AdaptCMS 1.3 Security Fix Released - Download

PHP CMS Reviews - News: Drupal 6.5 and 5.11 released

Wed, 08 Oct 2008 04:47:03 CDT

The Drupal team has announced the release of Drupal 6.5 and 5.11. Both releases fix "critical security vulnerabilities" and it is "strongly recommended" to upgrade Drupal 5 and 6 sites. Here's the announcement:

"Drupal 6.5 and Drupal 5.11, maintenance releases fixing problems reported using the bug tracking system, as well as critical security vulnerabilities, are now available for download.

Upgrading your existing Drupal 5 and 6 sites is strongly recommended. There are no new features in these releases. For more information about the Drupal 6.x release series, consult the Drupal 6.0 release announcement, more information on the 5.x releases can be found in Drupal 5.0 release announcement."

Link: Drupal 6.5 and 5.11 released

PHP CMS Reviews - News: e107 0.7.13 Released

Sun, 28 Sep 2008 04:46:50 CDT

It has been anounced that a new release of e107, 0.7.13, has been released. This is seemingly another small bug-update that affects "relatively few files" and also fixes a security vulnerability. They recommend to apply the update as soon as possible.

"A bit like buses, E107 releases sometimes come in pairs - usually because a bug which affects a fair number of people has crept in under the radar of those who regularly update from CVS. More to the point, on this occasion there's a fix for a security vulnerability which can potentially affect those with certain server configurations. Thanks to Fanat1k for finding this one.

PHP CMS Reviews - News: TYPOlight 2.6.1 Released

Sat, 20 Sep 2008 11:57:29 CDT

A new "minor release" of TYPOlight has been released and is availble, TYPOlight 2.6.1. Here's the story:

"TYPOlight version 2.6.1 is available. The minor release introduces a new content element named "article alias", which allows you to insert the content of an article into another one. In addition, the newsletter module has been overworked and now supports sending personalized e-mails to registered members. The new version also includes some important bug fixes (especially for the built-in search engine), so it is recommended to update."

Feel free to checkout the TYPOlight CMS Page to see the new version in action.

Link: TYPOlight 2.6.1 Released

PHP CMS Reviews - News: MiaCMS 4.6.5 Security Patch 1 Released

Wed, 27 Aug 2008 10:42:52 CDT

The MiaCMS team has released a very imporant security patch, MiaCMS 4.6.5 Security Patch 1. This Patch fixes serious SQL injection issues found in MiaCMS. They "strongly recommend" that all users update there copy of MiaCMS as soon as possible. Here's the scoop:

"As you may or may not be aware, within the last day or two there has been a MiaCMS SQL injection security report making rounds on the web. We have taken time to carefully review the report and wanted to make you aware of our findings. The report can be found here for reference - http://secunia.com/advisories/31584/.