Abstract

Typically, users of Web content management systems lack expert knowledge of the technology itself, let alone the security issues therein. Complicating the matter, WCMS vulnerabilities are attractive targets for potential attackers. A security analysis of two popular, open-source WCMSs exposed significant security holes, despite the obvious efforts of their developer communities. These vulnerabilities leave the applications and their nonexpert users open to exploitation.