TITLE: KokeshCMS Unauthenticated Content Editing Vulnerability SECUNIA ADVISORY ID: SA9685 VERIFY ADVISORY: http://www.secunia.com/advisories/9685/ CRITICAL: Highly critical IMPACT: Security Bypass, Manipulation of data WHERE: From remote SOFTWARE: KokeshCMS 0.x DESCRIPTION: A vulnerability has been reported in KokeshCMS, which can be exploited by malicious people to edit content without being logged in. The problem is that "edit.php" doesn't require users to authenticate before allowing them to edit content. SOLUTION: Update to version 0.2: http://prdownloads.sourceforge.net/kokeshcms/KokeshCMS_0_2.zip?download ---------------------------------------------------------------------- Secunia recommends that you verify all advisories you receive, by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. Contact details: Web : http://www.secunia.com/ E-mail : support@secunia.com Tel : +45 7020 5144 Fax : +45 7020 5145 ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://www.secunia.com/sec_adv_unsubscribe/?email=packet@packetstormsecurity.org ----------------------------------------------------------------------