
Security Issues & FCMS 2.2.2


You may have noticed a lot of security-related issues being found and fixed lately. The reason for this is a bad decision on my part: most of the security-related issues were only exploitable if the exploiter had a valid username/password, which means that only someone you’ve allowed to join your site could cause damage or do bad things. This is the main reason why I have ignored most of these issues in the past. But that’s a bad way to view things, and more importantly it’s bad programming.

So that’s why I went through and fixed all the issues I could find and then did an audit of the codebase to fix any potential security issues that haven’t been found yet. So if you don’t let anyone log in to your site but family, upgrading to FCMS 2.2.2 isn’t crucial, but it’s still recommended, just to be on the safe side.

FCMS 2.2.2

Download it now, or visit the downloads section.

This release fixes a few security issues.

The following bugs were fixed:

#160 – Login ID SQL Injections
#166 – File Upload Vulnerability
#167 – Directory Traversal Vulnerability
#168 – Audit SQL queries for SQL Injections


Categories: News, Releases.
