New build adds detection for CMS Made Simple vulnerabilities and many other updates

Acunetix v11 (build 11.0.173131028) has been released. This new build introduces new vulnerability checks for CMS Made Simple, adds support for Selenium scripts as import files, and includes a good list of updates and bug fixes. Below is a full list of updates.

New Features and Vulnerability Tests

• Added support for Selenium scripts as Target Import files
• Introduced various vulnerability checks for CMS Made Simple including:
  • PHP Remote File Inclusion (RFI) in version 0.10 (CVE-2005-2846)
  • SQL Injection in version 1.0.5 and earlier (CVE-2007-2473)
  • Directory Traversal in version 1.8.1 and earlier  (CVE-2010-2797)
  • Web Server Cache Poisoning in versions 2.1.3 and earlier and 1.12.2 and earlier (CVE-2016-2784)
  • Cross Site Request Forgery (CSRF) in version 2.1.6 and earlier (CVE-2016-7904)
  • Cross Site Scripting (XSS) in version 2.1.6 and earlier (CVE-2017-6555)
  • Cross Site Scripting (XSS) in version 2.1.6 (CVE-2017-6556)
  • Local File Inclusion in version 2.1.6 and earlier

Improvements

• Various minor UI updates
• Improved handling of aborted scans for Targets with Continuous scanning enabled
• Increased Custom Cookie size limit from 512 bytes to 10Kb (2Kb for Acunetix Online)
• Added new email templates
• Email notification now indicates if a scan has failed
• Multiple minor updates to the reports
• Updated the Error Message script to show full JAVA error messages
• Tech Admin role can now create and alter Scan types.

Fixes

• Scan Comparison was incorrectly switching the order of the scans
• Scan Comparison was incorrectly comparing with Allowed host
• Fixed bug in the licensed user limit
• Fixed bug causing scans to fail when the LSR contains Unicode characters
• Multiple fixes in XML export
• Multiple fixes in F5 WAF rules export
• Fixed 2 minor security issues in web interface
• 2 fixes affecting incorrect vulnerability count in Dashboard
• Fixed the retesting of vulnerabilities for Targets requiring manual intervention
• Fixed the Targets page incorrectly showing that the Target is being scanned, when an ongoing scan is deleted.

Upgrade to the latest build

If you are already using Acunetix v11, you can initiate the automatic upgrade from the new build notification in the Acunetix UI .
If you have not yet installed or upgraded to Acunetix v11, you may download Acunetix version 11 from here. Use your current Acunetix License Key to download and activate the product.