====================================================================

                             CERT-Renater

                  Note d'Information No. 2012/VULN447
____________________________________________________________________

DATE                :  08/11/2012

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S) : Systems running CMS Made Simple versions prior to
                                            1.11.2.1.

======================================================================
http://forum.cmsmadesimple.org/viewtopic.php?f=1&t=63545
______________________________________________________________________

Today we received notification of a security vulnerability in all
versions of CMS Made Simple up to and including CMSMS 1.11.2

This vulnerability allows authorized administrators to affect files on
remote hosts in situations where files are owned by a shared httpd
process owner (such as apache or httpd or web etc).

So upon analysis of the situation a small fix was made to ImageManager
to solve this issue resulting in CMSMS 1.11.2.1

We recommend all users upgrade their installs of CMS Made Simple to
1.11.2.1 as soon as possib.

In accordance with our support policy, the two supported versions of
CMSMS are 1.11.2 and 1.11.2.1

Thank you for your time, and please upgrade your sites as soon as possible.


=========================================================
Serveur de référence du CERT-Renater
https://services.renater.fr/ssi/
=========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44          +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41          +
+ 75013 Paris           | email: certsvp@renater.fr     +
=========================================================