Slashdot Mirror


PHP Blogging Apps Open to XML-RPC Exploits

miller60 writes "A bunch of popular PHP-based blogging and content management apps are vulnerable to a security hole in the PHP libraries handling XML-RPC, which could allow a server compromise. Affected apps include Wordpress, Drupal, PostNuke, Serendipity, phpAdsNew, phpWiki and many more. The presence of the security hole in a large number of programs is among the factors leading the Internet Storm Center to warn that the environment is ripe for a major Internet security event."

2 of 166 comments (clear)

  1. XML-RPC sucks. by Anonymous Coward · · Score: 0, Flamebait

    It always did. It always will.

  2. mod_perl by holy+zarquon's+singi · · Score: 0, Flamebait

    And that's exactly why I use mod_perl for this kind of stuff. That and perl is a more flexible language

    --
    "...we should just trust our president in every decision that he makes and we should just support that." B.Spears 2003