Secunia has published an advisory related to a “0day” vulnerabilty (http://ivanobinetti.blogspot.com/2012/02/forkcms-325-csrf-and-xss-0day.html which I’ve discovered in the past days and regarding a CSRF (Cross Site Request Forgery) which affects ForkCMS 3.2.5 and lower.
Secunia tested this vulnerability also in 3.2.6 version, latest release which ForkCMS team published few days ago.
As I already said in my advisory I think that ForkCMS in a very nice CMS which, with some security improvements, can become a great cms. May be that I will use it in the future.
Following you can read more details about Secunia Advisory:
Also PacketStorm has published this Advisory: