Follow us!
Join us!
Login
Register
The ImpressCMS development team has released ImpressCMS 1.1.3, a security update for their 1.1 version. The vulnerabilities were not in their core code, but in 2 of the 3rd party libraries used and distributed with their core - Smarty and PHPOpenID. If your site is running on a version prior to 1.1.3, it is strongly recommended you upgrade to the latest version.
Smarty is a template engine, driving the way pages are built and displayed by ImpressCMS. PHPOpenID allows you to use OpenID authentication for logins on an ImpressCMS site.
Both XOOPS and ImpressCMS have released updates to address the recently disclosed security flaw. The National Vulnerability Database and SecurityFocus both reported details of a security flaw that affected both CMS platforms.
XOOPS has released version 2.0.18.2 RC and ImpressCMS has released version 1.0.2.RC
It is highly recommended you upgrade to the most recent version of either XOOPS or ImpressCMS to better secure your web site.
A security vulnerability affecting both XOOPS and ImpressCMS has been reported at the National Vulnerability Database and SecurityFocus. A fix for this has been posted at ImpressCMS. It is highly recommended you patch your sites to prevent exploitation of this vulnerability.