e107 released 0.7.20 as a security update to fix two potential security issues in e107.

The exact details of the security was not released by e107.org, but one involves being able to upload a malicious file. It requires an odd set of preferences and a missing file to allow it to happen though, so the threat is pretty low according to e107.org.

(Ads)

The other was a js code injection. The user was able to inject some js code that would run if an admin edited the users post. This was only open if the site had the 'personal content manager' option enabled in the content plugin.

The security was discovered by Secunia Research, a provider of Vulnerability Intelligence and Vulnerability Management tools.

e107 requires a web-server with PHP 4.3.0 (or newer) and MySQL (4.1 or newer recommended). It is released under the terms of the GNU GPL License.

Related posts:

1. WebsiteBaker Core CMS Security Vulnerability
2. NetBSD New Security Advisories: NetBSD-SA2010-004 (NX on amd64) and NetBSD-SA2010-005 (NTP daemon)
3. phpBB 3.0.7-PL1 released to address a security issue in 3.0.7
4. eFront Released v3.5.5 Patch To Fix Security Issue
5. WebsiteBaker CMS, New Safe Backup Module Available

Tags: Content Management System CMS, e107