MiGCMS / News: Recent posts

Details of a remote file inclusion vulnerability have been released for MiGCMS v2.05. This vulnerability depends on having register globals allowed on the host. This is a bad idea for a number of ideas and I never assumed anyone would enable register globals and didn't code appropriately for that eventuality. I'm working on a fix - in the meantime set register globals to off/false in any installation instance of MiGCMS v2.05 that you have running to protect yourself.