Security Announcements

TSA 2010-03/1

Nick Freeman reported a file upload filter bypass that made it possible to upload and execute a PHP script. Because of the environment requirements needed for this exploit to work, we are treating this as a very low risk issue.

Affected versions: < 2.5.1
Related bug report: Security #237
Solution: Upgrade to 2.5.1 or later



TSA 2009-12/1

Media items uploaded through the media module were accessible outside of TangoCMS, allowing users to bypass the ACL security checks by simply sharing a URL to the file.

Affected versions: < 2.4.0
Related bug report: Security #188
Solution: Upgrade to 2.4.0 or later



TSA 2009-06/1

An XSS vulnerability was discovered within the internal 'Html' library, due to an incorrectly handled string that could be provided by the user.

Affected versions: < 2.3.0
Related bug report: Security #140
Solution: Upgrade to 2.3.0 or later
