News Feed
Sections




News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Hardened-PHP Project:
Advisory - PHProjekt (Remote) Include Vulnerabilities
September 29, 2006 @ 10:01:00

The Hardened-PHP Project has released a new vulnerability for the PHProjekt groupware software.

While searching for applications that are vulnerable to a new class of vulnerabilities inside PHP applications we took a quick look into the current PHProjekt source code and discovered that a (remote) include vulnerability had been (re)introduced.

By overwriting a variable with user input it is possible to inject and execute arbitrary PHP code. Overwriting this variable is possible regardless of the register_globals setting.

They give a few more details further down the posting and note that users should download and install the latest version (at the time of this post, 5.1.2).

0 comments voice your opinion now!
advisory security phprojekt include vulnerability advisory security phprojekt include vulnerability


blog comments powered by Disqus

Similar Posts

Community News: Stefan Esser Named to eWeek's The 15 Most Influential People in Security Today

Zend Developer Zone: PHP Abstract Episode 1 - PHP Secuity Tips

Fabien Potencier: Don't use PHP libraries with known security issues

Pádraic Brady: Composer: Downloading Random Code Is Not A Security Vulnerability?

iBuildings Blog: Verifying out software with OWASP ASVS


Community Events

Don't see your event here?
Let us know!


laravel application podcast extension php7 opinion api framework series version example release community voicesoftheelephpant library interview introduction conference symfony2 performance

All content copyright, 2015 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework