This is a security update from osCMax.com.
We have discovered a remote file upload vulnerability in osCMax v2.0 RC3-0-1 that allows a remote attacker to upload arbitrary files to the remote file system via a browser. This is considered a high risk vulnerability and should be patched immediately.
In response to this we have released osCMax 2.0 RC3-0-2, which fixes this vulnerability by removing the vulnerable files. This can be downloaded here:
http://www.oscmax.com/project/osCMax
To manually patch this vulnerability, several files need to be removed from your osCMax installation. The files/directories to be removed are listed below:
/catalog/FCKeditor/editor/filemanager/browser/default/connectors/asp/
/catalog/FCKeditor/editor/filemanager/browser/default/connectors/aspx/
/catalog/FCKeditor/editor/filemanager/browser/default/connectors/cfm/
/catalog/FCKeditor/editor/filemanager/browser/default/connectors/perl/
/catalog/FCKeditor/editor/filemanager/browser/default/connectors/test.html
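
The manual patch above can be checked with a short script. This is an added example, not part of the osCMax release: a POSIX shell function that reports which of the listed paths still exist under a web root and, when asked, removes them. The function name `oscmax_audit` and its `--remove` argument are made up for this example, and the web root is assumed to be the directory that contains `/catalog`.

```shell
#!/bin/sh
# Added example (not osCMax code): audit a web root for the FCKeditor
# connector paths named in the advisory, optionally removing them.
# Usage after sourcing this file:  oscmax_audit WEBROOT [--remove]

# Paths copied from the advisory's list, relative to the web root.
OSCMAX_VULN_PATHS='catalog/FCKeditor/editor/filemanager/browser/default/connectors/asp
catalog/FCKeditor/editor/filemanager/browser/default/connectors/aspx
catalog/FCKeditor/editor/filemanager/browser/default/connectors/cfm
catalog/FCKeditor/editor/filemanager/browser/default/connectors/perl
catalog/FCKeditor/editor/filemanager/browser/default/connectors/test.html'

# Returns 0 when none of the listed paths remain, 1 when at least one
# is still present, 2 when WEBROOT has no catalog/ directory.
oscmax_audit() {
    root=$1
    mode=${2:-}
    [ -d "$root/catalog" ] || { echo "no catalog/ under: $root" >&2; return 2; }
    remaining=0
    # A here-document (not a pipe) keeps the loop in the current shell,
    # so the counter is still set after the loop ends.
    while IFS= read -r rel; do
        target="$root/$rel"
        # -L also catches a dangling symlink, which -e alone would miss.
        if [ -e "$target" ] || [ -L "$target" ]; then
            if [ "$mode" = "--remove" ]; then
                rm -rf -- "$target" && echo "removed: $rel" && continue
            fi
            # Reached in audit mode, or when removal failed.
            echo "present: $rel"
            remaining=$((remaining + 1))
        fi
    done <<EOF
$OSCMAX_VULN_PATHS
EOF
    [ "$remaining" -eq 0 ]
}
```

Run it once without `--remove` to see what is present, then again after patching or upgrading; an exit status of 0 means none of the listed paths are left.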