Critical Security Patch For Mura CMS
A critical security flaw has been discovered for all versions of Mura CMS older than version 5.2.2809. We strongly encourage all Mura CMS administrators to update their Mura CMS core to the latest version. You can do so by following these steps:
1. Login to the Mura admin with an account that has super user rights.
2. Once logged in, click the "Site Settings" Link located in the top right of the Mura CMS admin screens.
3. On the main "Site Settings" page that shows the list all of site currently running in your Mura CMS instance click "Update Core Files to Latest Version".
4. Click "Reload Application" in the Mura CMS admin left module nav.
Updating your Mura CMS to the latest release will fully eliminate this vulnerability.
If you are not able to use the Mura CMS auto-updater or you have an older version of Mura CMS without the updater, you can manually apply the patch in a few easy steps by downloading the applicable files listed below:
This security vulnerability can expose private information to unauthenticated users, and we strongly advise all Mura CMS users to update to the latest Mura CMS release as soon as possible.
Many thanks to stratsec researchers Rohan Stelling and Steven Seeley for their help in identifying this vulnerability, and for working directly with us to provide the information we needed to fix the issue. stratsec specializes in providing information security consulting and testing services for government and commercial clients. More info about stratsec can be found at their website - www.stratsec.net.