Slashdot Mirror


PHP Vulnerabilities Announced

Simone Klassen writes "The Hardened-PHP Project has announced several serious and according to them, easy-to-exploit vulnerabilities within PHP. A flaw within the function unserialize() is rated as very critical for millions of PHP servers, because it is exposed to remote attackers through lots of very popular webapplications. The list includes forum software like phpBB2, WBB2, Invision Board and vBulletin. It is time to upgrade now."

5 of 387 comments (clear)

  1. No comment? by jardin · · Score: 3, Funny

    They must be all busy upgrading :)

    1. Re:No comment? by stevesliva · · Score: 5, Funny

      No, all the sysadmins are on holiday vacation. Come on folks, announcing security vulnerabilities on a Friday in December? That's just plain mean.

      --
      Who do you get to be an expert to tell you something's not obvious? The least insightful person you can find? -J Roberts
  2. Kewl by mordors9 · · Score: 3, Funny

    I can't wait for someone to release a script that I can use to show what a leet haxor I am.

  3. Re:I've said it before, and I'll say it again by snoyberg · · Score: 3, Funny

    You're absolutely correct! I'll go convert all my scripts to ASP and avoid all of PHP's security holes by running on Microsoft software.

    --
    Thank God for evolution.
  4. Re:I've said it before, and I'll say it again by Anonymous Coward · · Score: 5, Funny

    I assume you dislike PHP. What would you recommend instead?

    A language that is a little more practical for extracting and reporting.

    NB