This is just an FYI, but in the interests of full disclosure you should be aware that the main Radiant site (http://radiantcms.org) was exploited on May 15th this year. The attacker added an invisible link on the homepage to another Web site. At the moment we don't know if this was the result of an exploit on the Radiant CMS software itself, or if the attacker used some other means. In either case the attacker managed to create an admin user for himself and add his link to the homepage layout. I was only made aware of the problem late last night and we are still looking into it.
Has anyone else been the victim of an attack on a Radiant Web site? Can anyone shed light on how the attacker would be able to do this? -- John Long http://wiseheartdesign.com _______________________________________________ Radiant mailing list Post: [email protected] Search: http://radiantcms.org/mailing-list/search/ Site: http://lists.radiantcms.org/mailman/listinfo/radiant
