
Local file inclusion vulnerability (18.10.2011)

We were informed on 2011-10-17 that RuubikCMS 1.1.0 has a local file inclusion vulnerability in the file /extra/image.php. As a quick fix, do the following:

After line 21 in the file /extra/image.php, add a new line with the following code:

if (strstr($_GET['f'], '../')) die('Error');

Everybody who has the experimental extranet tool (v1.1.0) in use, or who does not use the extranet but has left the folder /extra/ available in their installation, should apply the fix as soon as possible.

You can also download the fixed file here: image.zip (unzip and replace as /extra/image.php)
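
A stricter form of the check above, as an added example that is not RuubikCMS code: instead of looking for the string '../' in the parameter, it resolves the requested name to a canonical path and serves it only if that path is an image file inside the image directory. The function name resolve_image() and the directory layout are assumptions, since the contents of /extra/image.php are not shown on this page.

```php
<?php
// Added example, not RuubikCMS code. resolve_image() and the directory
// layout are hypothetical; the real /extra/image.php is not shown on the page.

/**
 * Return the canonical path of $requested if it is an existing image file
 * inside $baseDir, or null otherwise.
 */
function resolve_image(string $baseDir, string $requested): ?string
{
    $base = realpath($baseDir);
    if ($base === false || $requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    // realpath() collapses "..", "." and symlinks, and fails on missing files.
    $path = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($path === false || !is_file($path)) {
        return null;
    }
    // Containment: the canonical path must start with "<base>/".
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    // Allow-list the file types an image endpoint should ever serve.
    $ext = strtolower(pathinfo($path, PATHINFO_EXTENSION));
    return in_array($ext, ['jpg', 'jpeg', 'png', 'gif'], true) ? $path : null;
}

// Constructed sandbox: an image directory holding one image and one text file,
// plus a file one level above it that must never be served.
$root   = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'lfi_demo_' . getmypid();
$images = $root . DIRECTORY_SEPARATOR . 'images';
mkdir($images, 0700, true);
file_put_contents($images . DIRECTORY_SEPARATOR . 'photo.jpg', 'constructed');
file_put_contents($images . DIRECTORY_SEPARATOR . 'notes.txt', 'constructed');
file_put_contents($root . DIRECTORY_SEPARATOR . 'config.jpg', 'constructed');

// Constructed request values standing in for $_GET['f'].
foreach (['photo.jpg', './photo.jpg', '../config.jpg', 'notes.txt', 'missing.png'] as $f) {
    $result = resolve_image($images, $f);
    printf("%-16s => %s\n", $f, $result === null ? 'rejected' : 'served');
}

// Clean up the sandbox.
array_map('unlink', [$images . '/photo.jpg', $images . '/notes.txt', $root . '/config.jpg']);
rmdir($images);
rmdir($root);
```

If the /extra/ folder is not used at all, removing it from the installation takes the endpoint out of reach entirely.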