michael_s
07-01-2009, 10:14 AM
A vulnerability has been discovered in osCMax v2.0.2 that does not properly sanitize output. This allows an attacker to change the URL string and inject malicious code.
osCMax v2.0.3 has been posted to the download page and the fixes are also present in SVN trunk and the v2.1 branch.
It is recommended that all osCMax users update their sites with this patch. All versions of osCMax are vulnerable, including all prior versions of v2.0x.
Download the zip file and replace /admin/includes/application_top.php with the contained file. That is all that needs to be done. Note that this patch has only been tested on v2.0.2 but should work with all v2.0x versions of osCMax.
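The pattern behind the advisory above, as an added illustration that is not osCMax code and not the contents of the patched application_top.php: a page that writes a value taken from the query string straight into its HTML, shown next to a version that escapes for the HTML and URL contexts. The function names, the `page` parameter and the attacker string are all constructed for this example.

```php
<?php
// Constructed example, not osCMax code. It only shows the class of bug the
// advisory describes (unescaped output of a URL-controlled value), not the
// real code path in /admin/includes/application_top.php.
declare(strict_types=1);

// Vulnerable: the raw query-string value lands in the HTML unchanged, so a
// value containing a quote and a tag breaks out of the attribute and the text.
function render_unsafe(string $page): string
{
    return '<a href="index.php?page=' . $page . '">Back to ' . $page . '</a>';
}

// Hardened: the value is URL-encoded where it is part of a URL, and every
// untrusted string is HTML-escaped (quotes included) where it is written into markup.
function render_safe(string $page): string
{
    $esc  = static fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $href = 'index.php?page=' . rawurlencode($page);
    return '<a href="' . $esc($href) . '">Back to ' . $esc($page) . '</a>';
}

// Constructed attacker input of the kind the advisory describes: the URL is
// changed so the parameter closes the attribute and injects a script.
$payload = '"><script>alert(document.cookie)</script>';

// Use the real query string when served by a web server, the payload on the CLI.
$page = $_GET['page'] ?? $payload;

echo "unsafe: ", render_unsafe($page), PHP_EOL;
echo "safe:   ", render_safe($page), PHP_EOL;

// Quick check: the hardened output must not contain a live <script> tag.
echo "injection possible in unsafe output: ",
     var_export(str_contains(render_unsafe($page), '<script>'), true), PHP_EOL;
echo "injection possible in safe output:   ",
     var_export(str_contains(render_safe($page), '<script>'), true), PHP_EOL;
```

Run it with `php xss_demo.php` (PHP 8.0 or later for `str_contains`): the unsafe line prints the payload intact, the safe line prints it as `&quot;&gt;&lt;script&gt;...`, and the two checks print `true` and `false`. The point of escaping at output time rather than filtering the URL on input is that the same value is then safe regardless of which page or parameter it arrived through.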