Security Hole Found in 4.3.0 · Slashdot Mirror

Posted by krow on Monday February 17, 2003 @09:46AM from the let's-all-sing-the-doom-song dept.

Saint Aardvark writes "The good folks at PHP.net have warned of a serious vulnerability in PHP 4.3.0: 'Anyone with access to websites hosted on a web server which employs the CGI module may exploit this vulnerability to gain access to any file readable by the user under which the webserver runs. A remote attacker could also trick PHP into executing arbitrary PHP code if attacker is able to inject the code into files accessible by the CGI. This could be for example the web server access-logs.' It's recommend that you upgrade to 4.3.1 right away."

1 of 34 comments (clear)

Min score:

Reason:

Sort:

Re:Finally by JediTrainer · 2003-02-17 13:02 · Score: 1, Offtopic

Epeche-a cun hefe-a ELL zee feetoores ooff IIS. Bork Bork Bork!
</mandatory microsoft borking>

--

You can accomplish anything you set your mind to. The impossible just takes a little longer.