Hi,

There are several security bugs in CMS Made Simple 1.1.3.1 (I am not going to release dangerous and exploitable info here):

1) There is a highly dangerous PHP code execution bug in the script.
2) A registered user can access unauthorized pages. For example, he can upload files to the server, or can make users by posting data to /admin/adduser.php directly; he can also access the admin logs page (/admin/adminlog.php?page=1).
3) There are 2 XSS bugs in the script.
4) There are 13 full path disclosure bugs. Direct access to several files can expose the full installation path.

The new version (1.1.4.1) has been released:
http://blog.cmsmadesimple.org/2007/10/07/announcing-cms-made-simple-1141/

- Omid