Should this be of concern?
12-07-2010, 12:48 PM (This post was last modified: 12-07-2010 12:51 PM by Virtuous101.)
Post: #1
Should this be of concern?
Hi :)

I've just stumbled across this apparent vulnerability. Should this be of concern?

Thank you...

-------- [edit] -------------

Sorry... not sure why it got posted in this topic! :P
12-07-2010, 05:57 PM (This post was last modified: 12-07-2010 06:02 PM by Zorchenhimer.)
Post: #2
RE: Should this be of concern?
Personally speaking, I wouldn't worry about it. On the off chance that your site is attacked in such a way, you have a bigger problem to deal with. NanoCMS is a single-user content management system, so someone has to figure out your admin login credentials in order to exploit this vulnerability.

Besides, if you really wanted to, you could put malicious code directly in the body of a page instead of just the title. Neither one of those fields is sanitised (unless TinyMCE does some sanitising). But if you feel really concerned about this, I could probably whip up a patch for you.

Edit: As for the pagesdata.txt vulnerability also mentioned in the link you provided, there is a fix: http://www.nanocms.co.uk/forum/thread-40.html
(from what I understand, this fix is already in the community build).
12-07-2010, 06:41 PM
Post: #3
RE: Should this be of concern?
Cheers for your feedback Zorchenhimer. Much appreciated.
www.andrewemmett.co.uk - lifestyle, tech and all sorts of geek
14-07-2010, 02:47 PM
Post: #4
RE: Should this be of concern?
Thanks for the response.. =)

I've looked into many CMSs, and to be honest, I haven't found one yet without a vulnerability of some kind! =)

I'm new to PHP, and currently studying it, but I have a huge interest in NanoCMS! ;)