Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
    Digg this story   Add to  
New PHP security vulnerabilities
Published: 2005-11-01

New vulnerabilities have been found in version 4 of the wildly popular PHP scripting language, thanks to recent advisories from the Hardened PHP Project. The announcement does not appear to affect PHP 5.0.5.

PHP 4.4.1 has been released, which addresses a cross site scripting vulnerability in the commonly used phpinfo() call, and includes fixes for safe_mode vulnerabilities and $GLOBALS superglobal session variables, which could lead to the compromise of PHP scripts that were otherwise thought to be secure. A vulnerable PHP script that is exploited often leads to the web server being compromised and provides the opportunity for privilege escalation and potential full system compromise.

Vulnerable PHP scripts are increasingly being targeted by automated tools that compromise systems and use them for website defacements and phishing attacks. Users of PHP 4.x are urged to upgrade to PHP 4.4.1 as soon as possible.

Posted by: Kelly Martin
    Digg this story   Add to  
Comments Mode:
New PHP security vulnerabilities 2005-11-02


Privacy Statement
Copyright 2009, SecurityFocus