
Christopher Kunz's Blog:
PHPKIT vulnerabilities revisited
February 06, 2006 @ 06:40:05

On his blog, Christopher Kunz has a new note for anyone running PHPKIT: some security issues came up and weren't addressed as quickly as they needed to be.

A while back, I reported several vulnerabilities in PHPKIT to the vendors. Although not very well-known in the rest of the world, there's an abundance of installations of this product in German-speaking countries, since it is very easy to install, provides a German user (and administration) interface and has about the same feature set as the infamous PHP-Nuke.

After I reported the vulnerability, no response whatsoever was received. I phoned the vendor, and they told me something about an ominous "community release" and that I should report the issues in their forum. I gave the advisory (including PoC for each hole) to the forum administrator and told them to get a fix out of the door. They responded in a very weird fashion, but allegedly fixed the bugs and released an unofficial patch in the forum.

He goes on in the post to explain why a distribution method like this isn't the wisest course of action. Patches are slower to distribute and apply than a full version release, especially ones distributed via less than "official" means...


All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework