[SECURITY] [3/5] Xomol CMS Local File Inclusion and SQL Injection

Discussion in 'Security News' started by FSOwner, May 26, 2008.

  1. FSOwner

    FSOwner FS Owner

    DNX has discovered some vulnerabilities in Xomol CMS, which can be exploited by malicious people to disclose potentially sensitive information or conduct SQL injection attacks.


    Be sure to check if your system is missing security updates or have insecure applications installed:
    http://secunia.com/software_inspector/

    Feature Overview - The Secunia Software Inspector:
    * Detects insecure versions of applications installed
    * Verifies that all Microsoft patches are applied
    * Assists you in updating your system and applications
    * Runs through your browser. No installation or download is required.

    More...
     
  2. paradox1911

    paradox1911 New Member

    This is a good example of why we should use magic quotes and filter chars from URLS

    Checking user input is vital to not having your web page defaced by script kiddies who like milw0rm
     
  3. xomdev

    xomdev New Member

    The XSS security issue on Xomol CMS has been fixed since Xomol V. 1.5.2.2

    Hello Programmers of the Wolrd

    This is Juan Tepec, one of the main developers of Xomol CMS.
    The XSS security issue has been fixed since Xomol V. 1.5.2.2.
    Thanks 2 u all for testing and helping us develop Xomol CMX.

    Best Regards
    Juan Tepec
     

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice