Possible security breach
Posted by webmaster on 20 August 2009 12:00:00
Recently we have seen an increase in the attempts to hack into ExiteCMS.
Usually we are not that worried, but this time we felt that some proactive countermeasures were in order. In short, the hacker attempts to inject values into the PHP system array $_SERVER in an attempt to elevate his rights. Since we don't have code that uses data unscreened or that links directly to files or URLs, we feel that these attempts were unsuccessful. Nevertheless, we have plugged this hole in the latest revision.
You can fix this by replacing the file core_functions.php in our include directory with the latest version from our Subversion repository. You can download the file here.
We strongly suggest you implement this fix on all of your ExiteCMS websites.
Note that all versions of ExiteCMS have this issue. If you are not using the current release version of ExiteCMS, contact us and we will tell you how to plug this potential hole for your version.