Ideally, user input in web forms is sanitized – checked to ensure that users are not attempting to introduce code to give instructions to the web server. Content management systems typically bring together blogs, forums, news feeds and link directories in a single application, making it easy for webmasters to manage large communities of users. As a result, CMS apps include a large number of forms accepting user input, increasing the likelihood that some form fields may not be properly secured, providing an opportunity for SQL injection attacks.
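The following is an added example, not code from the original article or from any particular CMS: it shows one form field handled unsafely next to its parameterized form, plus a regression check that can be run over every form handler to find fields that let input reach the SQL parser. The table, handler names and sample rows are hypothetical and constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data: two public posts and one hidden draft.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE posts (author TEXT, body TEXT, hidden INTEGER)")
    db.executemany(
        "INSERT INTO posts VALUES (?, ?, ?)",
        [("alice", "welcome", 0), ("bob", "draft notes", 1), ("o'brien", "hello", 0)],
    )
    return db

# Hypothetical CMS form handlers; each receives one form field as a string.
def forum_search_unsafe(db, author):
    # Weak: the field is pasted into the SQL text, so a quote in it changes the query.
    sql = "SELECT body FROM posts WHERE hidden = 0 AND author = '" + author + "'"
    return [row[0] for row in db.execute(sql)]

def forum_search_safe(db, author):
    # Hardened: the field is bound as a parameter and is only ever treated as data.
    sql = "SELECT body FROM posts WHERE hidden = 0 AND author = ?"
    return [row[0] for row in db.execute(sql, (author,))]

def treats_input_as_data(handler):
    """Regression check: a value containing quotes must match no row, and a
    legitimate name containing an apostrophe must still be found."""
    db = make_db()
    try:
        probe = handler(db, "nobody' OR '1'='1")
        legit = handler(db, "o'brien")
    except sqlite3.Error:
        return False  # the field's content reached the SQL parser
    return probe == [] and legit == ["hello"]

def audit(handlers):
    # Names of the form handlers that fail the check.
    return [name for name, fn in handlers.items() if not treats_input_as_data(fn)]

if __name__ == "__main__":
    print(audit({"forum_search_unsafe": forum_search_unsafe,
                 "forum_search_safe": forum_search_safe}))
```

Running the same check against every handler in an application with many forms is what catches the single field that was missed.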
Open source CMS programs often find and fix security holes promptly. But as is the case with most web software, a significant number of users fail to install security patches in a timely fashion. This provides an opportunity for hackers, who typically use public advisories to identify security flaws in specific programs and files, and then query search engines to locate vulnerable versions of the software. Compromised web forums hosted more than 600 phishing spoof sites identified by the Netcraft Toolbar Community in 2005.