Slashdot Mirror


PHP Blogging Apps Open to XML-RPC Exploits

miller60 writes "A bunch of popular PHP-based blogging and content management apps are vulnerable to a security hole in the PHP libraries handling XML-RPC, which could allow a server compromise. Affected apps include Wordpress, Drupal, PostNuke, Serendipity, phpAdsNew, phpWiki and many more. The presence of the security hole in a large number of programs is among the factors leading the Internet Storm Center to warn that the environment is ripe for a major Internet security event."

1 of 166 comments (clear)

  1. Re:Makes me happy by Sepodati · · Score: 5, Insightful

    Makes me sad that it's in PHP...since I love PHP
    This isn't a PHP vulnerability. It's another poorly written, widely used application that's vulernable because the developer fails to check external input. The vulnerability is in a PHP script that someone has written. It could have been written in any langauge; the fault is on the developer, not PHP.

    ---John Holmes...