4Null4.de:
Four new vulnerabilities in PHP found
April 10, 2006 @ 15:41:31

According to a new post on 4null4.de today, four new vulnerabilities have been found in the most recent releases of PHP.

heise online, the popular and well-known German IT news site, conveys four new vulnerabilities in the PHP script language. PHP is often used for web applications such as WordPress and many bulletin board systems like phpBB or vBulletin. The issues can be found in PHP versions up to (and including) 4.4.2 and 5.1.2, and the current CVS snapshots for the upcoming 5.1.3 release will be first to fix the issues.

The errors are:

  • A problem with copy() that circumvents the "Safe Mode" for users who are logged in to the system
  • A possible issue with tempnam() that could also ignore the "Safe Mode" setting
  • A third issue that could lead to a web server process crashing (recursive function calls)
  • An XSS attack issue with the standard phpinfo() page

The 4null4.de post has a summary of the issues, but the original article from heise has the complete info (as well as links to examples of the problems as documented on SecurityReason.com).

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework