Security issues
Security issue with privacy+galleries addon combination
28th January 2022, 3:36 am
There is a data leak within the galleries+privacy addon combination under certain special conditions.
Clarifying the nature of administrator accounts
15th January 2022, 10:10 pm
We recently had a security researcher (aka whitehat hacker) claim to have found a vulnerability in Composr. This came down to a misunderstanding, explained in this article.
Two security holes, and resolutions
2nd April 2021, 3:43 am
Two security holes were recently discovered in current and previous versions of Composr CMS.
These issues have been fixed in the new version released today, 10.0.37. In this news post we will explain the issues and provide temporary mitigations for those who do not wish to immediately upgrade to 10.0.37.
XSS via mime sniffing on .dat files
26th September 2019, 3:48 am
There is a vulnerability in Composr's storage of uploads as .dat files on servers. A hacker could plant code with JavaScript, then trick an administrator into running it on their machine.
This is a low-to-medium risk vulnerability. With planning, creativity, and coordination, this could result in a hacker attaining various malicious outcomes. JavaScript code does not have access to files on a user's own computer, but it can be used to automate privileged web page actions on the website it is running on.
Illicit access to stats graphs
26th September 2019, 3:48 am
Composr uses SVG for rendering out stats graphs. When stats are viewed in the Admin Zone, Composr will generate the .xml files onto disk, and then embed those files. However, the URLs to the files are predictable and not access-protected.
This is a low risk vulnerability. While illicit access to stats graphs is not acceptable, there are no wider known repercussions and similar data may be available via third-party tools anyway (such as Alexa).
Information leak on IIS
26th September 2019, 3:48 am
Hackers may directly access the URLs of various on-disk files, because the protection that is built in for Apache users is lacking for IIS users.
Such files include the raw source code of pages, raw templates, and raw language files.
This is a low-to-medium risk vulnerability. The majority of users are not hiding privileged content with guessable page names in Comcode pages, but for those that are, this is a concern. Access to raw templates and language files would rarely be a concern.
Advice for the Composr master password
15th September 2016, 4:59 am
Strengthen your master password to improve maintenance script security.