Possible Security Problem

2 posts by 2 authors in: Forums > CMS Builder
Last Post: August 1, 2016   (RSS)

By Dave - August 1, 2016

Hi mark99, 

The use of $acunetix in the code is interesting and I wonder if this is just somebody running the http://www.acunetix.com/ vulnerability scanner on the system or if it's something I should be worried about?

I think that's probably it.  We get thousands of automated hack attempts a day on our own site.  Mostly they're looking for known vulnerabilities in common scripts like Wordpress and exploitable code.

I wouldn't worry about it on it's own.  The logging is likely just caused by unexcepted input from the user or us wanting to log unknown situations.  If you like, though, if it keeps showing up in your logs you could send me some additional examples and I could update the code in CMSB to not log those situations.

Also, if you have custom PHP code you are unsure about and you'd like us to have a quick look at it to make sure it's secure just let me know.  Typically you just want to make sure you mysql escape any user inputs (eg: $_REQUEST, $_GET, $_POST, etc).

Hope that helps!  Let me know any other questions.

Dave Edis - Senior Developer

interactivetools.com