URGENT: AdaptCMS 1.3 Security Fix Released
Posted October 03
For the first time with AdaptCMS, Insane Visions has issued an urgent security fix. This recent security hole was discovered by the group at Milw0rm. Upon hearing about this security hole, we immediately fixed the problem in a matter of minutes and are now issuing this fix.
The security hole was related to the new "Check User" feature in AdaptCMS Lite 1.3 and AdaptCMS Pro 1.3. When signing up, you would enter the desired username; once you moved to the password field, a box would appear saying whether the username was taken or not. The issue was that the PHP that checks whether the username is taken did not use any safeguards against SQL injection. The worst consequence is the theft of the MD5 hash of a user's password, but NO passwords themselves were vulnerable to this problem.
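The class of bug described above, shown as an added example that is not AdaptCMS code or the contents of the fix file: a username-availability check built by string concatenation next to one that binds the name as a query parameter. The table, column and function names are hypothetical, the data is constructed, and PDO with in-memory SQLite is used only so the script runs on its own.

```php
<?php
// Added example: names below are hypothetical, not taken from AdaptCMS.
// Constructed sample data in an in-memory SQLite database so this runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_md5 TEXT)');
$db->exec("INSERT INTO users VALUES ('alice', '" . md5('constructed-sample') . "')");

// Unsafe pattern: the requested name is concatenated into the SQL text,
// so a quote character in the input changes the structure of the query.
function username_taken_unsafe(PDO $db, string $name): bool
{
    $sql = "SELECT COUNT(*) FROM users WHERE username = '" . $name . "'";
    return (int) $db->query($sql)->fetchColumn() > 0;
}

// Hardened pattern: the name is bound as a parameter, so the database treats
// it purely as data. The query selects a constant and the caller receives
// only a boolean, so no stored column can reach the response.
function username_taken_safe(PDO $db, string $name): bool
{
    $stmt = $db->prepare('SELECT 1 FROM users WHERE username = :name LIMIT 1');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchColumn() !== false;
}

// Constructed inputs: an existing name, a free name, and a name containing
// SQL syntax. Only the unsafe check reports the third one as "taken".
$inputs = ['alice', 'bob', "nobody' OR '1'='1"];
foreach ($inputs as $input) {
    printf(
        "%-20s unsafe=%-5s safe=%s\n",
        $input,
        var_export(username_taken_unsafe($db, $input), true),
        var_export(username_taken_safe($db, $input), true)
    );
}
```

The differing answers for the third input are the signal to look for when reviewing a lookup endpoint like this one: the unsafe check evaluates the input as part of the query, while the bound version compares it as a literal string.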
This fix is simply one file which goes into the "includes/" folder. We recommend that all AdaptCMS Lite users upload this fixed file immediately. Thank you.