AdaptCMS 2.0.1 - Security Hole posted September 25

Just a quick note thanks to a tip from someone (don't want to mention who without permission) a security hole has been discovered in AdaptCMS. It was in the config.php and involved just a few bits of code, one bit that cleans out COOKIES and such that should of been at the top of the file and the other bit that determined if a page was a frontend or backend one. This allowed XSS scripting to gain access to say the admin page without having proper access.

That's why all users of AdaptCMS 2.0.1 are recommended to immediately update your 'config.php' file. This can be done easily without downloading from anywhere, simply login to your admin area and at the top click on "Get the latest AdaptCMS Files". Then simply select the checkbox next to config.php and click proceed at the bottom and you should get a success message.

Thank you.

Back to News Archive »

Comments