Bob
06-08-2011, 09:53 AM
FutureQuest has discovered that CMS Made Simple (http://www.cmsmadesimple.org/index.php) has multiple Security Vulnerabilities which have resulted in site compromises.
ALL versions of CMS Made Simple that contain uploadview.php are subject to an Arbitrary File Upload Vulnerability.
http://www.securityfocus.com/bid/47637
http://www.exploit-id.com/web-applications/cms-made-simple
***Action Required***
There is no known official update for this and we recommend removing or disabling this file if present until such time as the Authors of CMS Made Simple issue an update addressing this.
Additionally, all versions of CMS Made Simple prior to Version 1.9.4.2 are subject to SQL injection attacks.
http://forum.cmsmadesimple.org/viewtopic.php?f=1&t=54536
***Action Required***
All CMS Made Simple Installations prior to version 1.9.4.2 must be disabled, removed or upgraded to Version 1.9.4.2.
FutureQuest has attempted to identify all Packages that have CMS Made Simple installed and we have already sent notices to the Contacts listed for those accounts to take the appropriate actions.
This is a good time to remind all site owners that it is very important to maintain all third-party scripts installed within your accounts with all up-to-date patches and upgrades to prevent possible compromise and exploitation of your accounts.
The FutureQuest Team
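
A way to check an account against both actions in the notice above, as an added example that is not part of the original post or FutureQuest's own tooling: it reports every copy of uploadview.php and every install older than 1.9.4.2 under a web root. It assumes each install's version.php contains a `$CMS_VERSION = "..."` line; the function names are made up for illustration.

```shell
#!/bin/sh
# Added example, not FutureQuest's or CMS Made Simple's code.
FIXED_VERSION="1.9.4.2"   # from the notice: older versions are open to SQL injection

# version_lt A B: true when dotted version A is strictly older than B.
version_lt() {
    [ "$1" != "$2" ] || return 1
    oldest=$(printf '%s\n%s\n' "$1" "$2" |
        sort -t. -k1,1n -k2,2n -k3,3n -k4,4n | head -n 1)
    [ "$oldest" = "$1" ]
}

# cms_version FILE: print the value assigned to $CMS_VERSION, if any.
# Assumption: version.php holds a line like  $CMS_VERSION = "1.9.4.1";
cms_version() {
    sed -n 's/^[[:space:]]*\$CMS_VERSION[[:space:]]*=[[:space:]]*["'\'']\([0-9.]*\)["'\''].*/\1/p' "$1" |
        head -n 1
}

# audit_webroot DIR: print one line per finding.
audit_webroot() {
    # Any copy of uploadview.php is a finding, whatever the version.
    find "$1" -type f -name uploadview.php | while IFS= read -r f; do
        printf 'UPLOADVIEW %s\n' "$f"
    done
    find "$1" -type f -name version.php | while IFS= read -r f; do
        v=$(cms_version "$f")
        [ -n "$v" ] || continue          # some other application's version.php
        if version_lt "$v" "$FIXED_VERSION"; then
            printf 'OUTDATED %s %s\n' "$v" "$(dirname "$f")"
        fi
    done
}

# disable_uploadview DIR: strip all permissions from every copy found.
disable_uploadview() {
    find "$1" -type f -name uploadview.php -exec chmod 000 {} +
}

# Stand-alone use: pass the web root to scan as the first argument.
if [ $# -gt 0 ]; then
    audit_webroot "$1"
fi
```

`disable_uploadview` only makes the file unreadable; deleting it is the other option the notice gives.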