[SECURITY] [3/5] Xomol CMS Local File Inclusion and SQL Injection

FSOwner

FS Owner
DNX has discovered some vulnerabilities in Xomol CMS, which can be exploited by malicious people to disclose potentially sensitive information or conduct SQL injection attacks.


Be sure to check if your system is missing security updates or have insecure applications installed:
http://secunia.com/software_inspector/

Feature Overview - The Secunia Software Inspector:
* Detects insecure versions of applications installed
* Verifies that all Microsoft patches are applied
* Assists you in updating your system and applications
* Runs through your browser. No installation or download is required.

More...
 
This is a good example of why we should use magic quotes and filter chars from URLS

Checking user input is vital to not having your web page defaced by script kiddies who like milw0rm
 
The XSS security issue on Xomol CMS has been fixed since Xomol V. 1.5.2.2

Hello Programmers of the Wolrd

This is Juan Tepec, one of the main developers of Xomol CMS.
The XSS security issue has been fixed since Xomol V. 1.5.2.2.
Thanks 2 u all for testing and helping us develop Xomol CMX.

Best Regards
Juan Tepec
 
Back
Top