From This note on Christopher Kunz's blog today, there's a mention of the "Multiple vulnerabilities in phpSysInfo" that the Hardened-PHP Group posted yesterday on their site.

phpSysInfo is a PHP script that displays information about the host being accessed. It will displays things like Uptime, CPU, Memory, SCSI, IDE, PCI, Ethernet, Floppy, and Video Information.

A number of holes - all of them attributed to a rather crude (and unneeded) register_globals emulation - allow for arbitrary file inclusion, amongst other things.

I know that phpSysInfo is pretty widely spread (I know I used to use it pretty heavily), so this kind of thing could cause some pretty massive problems. To take care of the problem, you can check out the extended description for more information...

From This note on Christopher Kunz's blog today, there's a mention of the "Multiple vulnerabilities in phpSysInfo" that the Hardened-PHP Group posted yesterday on their site.

phpSysInfo is a PHP script that displays information about the host being accessed. It will displays things like Uptime, CPU, Memory, SCSI, IDE, PCI, Ethernet, Floppy, and Video Information.

A number of holes - all of them attributed to a rather crude (and unneeded) register_globals emulation - allow for arbitrary file inclusion, amongst other things.

I know that phpSysInfo is pretty widely spread (I know I used to use it pretty heavily), so this kind of thing could cause some pretty massive problems. To take care of the problem, you can check out the extended description for more information...