Dantevios.com

So I just rolled out my new website today and in shopping for content management systems (CMSs) there were 3 things I always look for when shopping around:

1. Is the CMS secure?
2. Can I apply my own theme/template easily to the website?
3. Does the CMS have a good editing system to insert new content?

I saw this awesome theme for Nucleus CMS called Terminal , but when I looked at this security vulnerability in Nucleus (that was published just last month on exploit db) found here: http://www.exploit-db.com/exploits/12241 I was turned off by Nucleus CMS. Basically the way they use their DIR_LIBS variable they shot themselves in the foot and have allowed users to back up and access files on their hard disk by inserting ../../../whatever/path/you/want/textfile.txt . Seems harmless right? So what if you’re running apache as root (dumb to do yes) and you do something like ../../etc/shadow and download the shadow file for someones linux box?  Are you going to let someone dump your MD5 hashes for your account, crack your password for your username, and log into your box via SSH? Well, I’m not about to do that. I thought about applying to be a developer and applying a patch for this bug, but I needed to get a website up fast. Thus sadly I went with wordpress with this nice kuublack theme.