Fundanemt 2.2.0.1 security release
Posted on Monday, May 28, 2007 by Fundanemt Team
On Monday, May 28th 2007, an exploit was published targeting the Fundanemt CMS. All users are encouraged to upgrade immediately.
Security alert
On Monday, May 28th 2007, an exploit was published targeting the Fundanemt CMS. The exploit is able to execute shell commands and evaluate PHP code using an old spell checker shipped with Fundanemt.
We encourage all users to take immediate action to secure their sites by
1. Deleting the file /fundanemt/core/spellcheck/spellcheck.php on the site
or
2. Downloading the latest release from http://fundanemt.com/
You can check your log files to determine whether the exploit has been tested on your site by searching for /fundanemt/core/spellcheck/spellcheck.php:
$ grep '/fundanemt/core/spellcheck/spellcheck.php' logs/access_log
logs/access_log:xxx.xxx.xxx.xxx - - [28/May/2007:xx:xx:xx +0200] "POST /fundanemt/core/spellcheck/spellcheck.php HTTP/1.0" 200 863 "-" "-"
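As an added example (not part of the original advisory), the shell functions below go one step beyond the grep above: they list each request to the spell checker with its client address, time, method and status, and mark the requests the script actually answered (2xx) apart from those made after the file was gone (404). The function names are hypothetical, the log lines are constructed samples, and the Apache common/combined log format of the advisory's sample line is assumed.

```shell
#!/bin/sh
# Added example: summarize access-log requests to the old spell checker.
# Assumes Apache common/combined log format, as in the advisory's sample line.

SPELLCHECK_PATH='/fundanemt/core/spellcheck/spellcheck.php'

# Constructed sample log (documentation addresses, not real traffic).
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [28/May/2007:10:15:02 +0200] "POST /fundanemt/core/spellcheck/spellcheck.php HTTP/1.0" 200 863 "-" "-"
192.0.2.10 - - [28/May/2007:10:15:09 +0200] "GET /index.php HTTP/1.0" 200 5120 "-" "-"
198.51.100.7 - - [29/May/2007:03:41:55 +0200] "POST /fundanemt/core/spellcheck/spellcheck.php?x=1 HTTP/1.1" 404 209 "-" "-"
EOF
}

# Print "client time method status verdict" for every request to the file.
# Reads the log files given as arguments, or stdin when none are given.
spellcheck_hits() {
    awk -v target="$SPELLCHECK_PATH" '
    {
        method = $6; sub(/^"/, "", method)     # strip the opening quote
        path = $7;   sub(/\?.*$/, "", path)    # ignore any query string
        if (path != target) next
        ts = $4; sub(/^\[/, "", ts)            # strip the opening bracket
        status = $9
        if (status ~ /^2/)      verdict = "REACHED"  # file present, script answered
        else if (status == 404) verdict = "absent"   # file already removed
        else                    verdict = "other"
        print $1, ts, method, status, verdict
    }' "$@"
}

# Count the requests that the script actually answered (2xx responses).
spellcheck_reached_count() {
    spellcheck_hits "$@" | awk '$5 == "REACHED" { n++ } END { print n + 0 }'
}

# Stand-alone run on the constructed sample; use `spellcheck_hits logs/access_log`
# against a real log.
sample_log | spellcheck_hits
```

Any line marked REACHED dates from before the file was deleted or the site upgraded, so those are the entries to review first.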