A note for CMSMS Users who use the third-party module LISE

A vulnerability that allows a remote attacker to initiate the uninstaller routine for specific LISE instances was discovered yesterday. An update (version 1.4.3) to LISE has been released to patch this and should be applied immediately to all sites using the LISE module.

The exploit results in the database tables for the instance to be deleted, but all files remain intact. Recovering the tables in question from a database backup is the remedy. The patch will prevent future, similar exploits but cannot recover any lost data.

If you have any questions or concerns, please join us on Slack.