PHP Blogging Apps Open to XML-RPC Exploits
miller60 writes "A bunch of popular PHP-based blogging and content management apps are vulnerable to a security hole in the PHP libraries handling XML-RPC, which could allow a server compromise. Affected apps include Wordpress, Drupal, PostNuke, Serendipity, phpAdsNew, phpWiki and many more. The presence of the security hole in a large number of programs is among the factors leading the Internet Storm Center to warn that the environment is ripe for a major Internet security event."
That I use Movable Type which won't be effected by this. Makes me sad that it's in PHP...since I love PHP. You can't have everything.
Blog: orange haired boy
I really don't want to bash PHP - it seems flexible. However, after having people break into my server through phpBB and Gallery, I replaced those apps with their mod_perl equivalents, and things are working faster and more secure. Having said that, it was hard to find the Perl equivalents and even hard to find good support for it (ie. themes, etc). I'm still looking for a good Gallery replacement written in Perl.
Obviously, security issues aren't always the language but usually come from the people who write it. It just seems to me that, since PHP is more popular for writing forums, image galleries, etc, that there are a lot more careless coders out there coding in PHP.
phpBB is a good example of this. Every other week, they have some security issue.