Hey guys,
Well, I really like PhoenixCMS 3.0 and I use it now because of XaddoUSA, and we got told there was an SQL injection exploit. I've asked Aaron himself if it would work to run a command; he said no, but this was a day later, and I had fixed this earlier to set the error to only allow the numeric format.
I'm no ColdFusion expert, but this should work; I got the patches from Adobe.
Anyways, a simple fix. Find the following:
ColdFusion:
<cfquery name="ThisStory" datasource="#DSN#">
SELECT *
FROM cms_news
WHERE id = #url.story#
LIMIT 1
</cfquery>
Replace with:
ColdFusion:
<cfquery name="ThisStory" datasource="#DSN#">
SELECT *
FROM cms_news
WHERE id = <cfqueryparam value="#url.story#" cfsqltype="cf_sql_numeric">
LIMIT 1
</cfquery>
I know it's a really simple fix, and they shouldn't be able to run a command anyway, but better to be safe, huh? Thank me if you want to xD.
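To show what the `cfqueryparam` change actually buys you, here is an added Python/sqlite3 stand-in for the two queries above; it is not PhoenixCMS code or the poster's, and the `cms_news` rows, the helper names and the sample inputs are constructed for the demonstration. `fetch_story_unsafe` pastes the value into the SQL text like `#url.story#` did; `fetch_story_safe` does what `cfsqltype="cf_sql_numeric"` plus a bound parameter does: refuse anything that is not a number, then pass the value as data, not as SQL.

```python
import sqlite3

# Constructed sample rows standing in for PhoenixCMS's cms_news table.
SAMPLE_NEWS = [(1, "First story"), (2, "Second story"), (3, "Third story")]


def make_db():
    """Build an in-memory cms_news table from the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE cms_news (id INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany("INSERT INTO cms_news VALUES (?, ?)", SAMPLE_NEWS)
    return conn


def fetch_story_unsafe(conn, story):
    """Original pattern: the raw request value becomes part of the SQL text."""
    sql = f"SELECT id, title FROM cms_news WHERE id = {story} LIMIT 1"
    return conn.execute(sql).fetchall()


def fetch_story_safe(conn, story):
    """Patched pattern, mirroring cfqueryparam cfsqltype=cf_sql_numeric.

    1. Validate the type: anything that is not a plain integer is rejected
       before any SQL is built (ColdFusion throws an error here too).
    2. Bind the value as a parameter, so the database engine only ever sees
       a fixed query shape and compares the value as data.
    """
    if not str(story).strip().isdigit():
        raise ValueError("story id must be numeric")
    sql = "SELECT id, title FROM cms_news WHERE id = ? LIMIT 1"
    return conn.execute(sql, (int(story),)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(fetch_story_safe(db, "2"))            # the row the caller asked for
    print(fetch_story_unsafe(db, "0 OR 1=1"))   # no id 0 exists, yet a row comes back
    try:
        fetch_story_safe(db, "0 OR 1=1")
    except ValueError as err:
        print("rejected:", err)                 # non-numeric input never reaches SQL
```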