
Local file inclusion vulnerability (18.10.2011)

We were informed on 2011-10-17 that RuubikCMS 1.1.0 has a local file inclusion vulnerability in the file /extra/image.php. As a quick fix, you should do the following:

After line 21 in the file /extra/image.php, add a new line with the following code:

if (strstr($_GET['f'], '../')) die('Error');

Everybody who uses the experimental extranet tool (v1.1.0), or who does not use the extranet but has left the folder /extra/ available in their installation, should apply the fix as soon as possible.

You can also download the fixed file here: image.zip (unzip it and replace /extra/image.php with the extracted file).
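
The quick fix above rejects one literal substring in the f parameter. As an added example (not RuubikCMS code and not the contents of the fixed image.zip), the following sketch goes beyond that check: it resolves the requested name with realpath() and serves it only if the canonical path is inside the intended directory. The function name resolve_inside, the images directory and the sample files are assumptions constructed for the demonstration.

```php
<?php
// Added example, not RuubikCMS code. All names here are hypothetical.

/**
 * Resolve $requested relative to $baseDir and return the canonical path
 * only if it is a regular file located inside $baseDir; otherwise false.
 */
function resolve_inside(string $baseDir, string $requested)
{
    // An empty name or a NUL byte never belongs in a file request.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return false;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return false;
    }
    // realpath() collapses "..", ".", duplicate separators and symlinks,
    // and returns false when the target does not exist.
    $path = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($path === false || !is_file($path)) {
        return false;
    }
    // The trailing separator stops "/images_old" from matching base "/images".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : false;
}

// Constructed sample layout in a temp directory so the script runs offline.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'lfi_demo_' . uniqid();
mkdir($root . '/images', 0700, true);
file_put_contents($root . '/images/logo.png', 'constructed image bytes');
file_put_contents($root . '/config.php', 'constructed secret');

// Constructed values standing in for $_GET['f'].
$samples = ['logo.png', './logo.png', '../config.php', 'missing.png',
            $root . '/config.php'];
foreach ($samples as $f) {
    $ok = resolve_inside($root . '/images', $f);
    printf("%-45s %s\n", $f, $ok === false ? 'rejected' : 'served');
}

// Remove the constructed files again.
unlink($root . '/images/logo.png');
unlink($root . '/config.php');
rmdir($root . '/images');
rmdir($root);
```

Only logo.png and ./logo.png are served; every other sample is rejected because it either does not exist or resolves outside the images directory.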