
John Cox's Blog:
vTiger multiple vulnerabilities
November 25, 2005 @ 06:50:46

John Cox has this new post today with an up-close look at one of the PHP application issues highlighted by the PHP Security Consortium - one dealing with vTiger.

Interesting security notice via PHPSec on vTiger (open source customer relationship management system). Beyond the normal XSS vulnerabilities that were reported was an interesting topic of an exploit that I had not given much thought to before.

The method he refers to here deals with vTiger's ability to read in RSS blogs without doing any checking on their content. Thus, a malicious user could enter "crap" into the blog and trick someone using vTiger into reading it in. This "RSS attack" isn't something new, but it doesn't get a lot of press. It should, however, be paid attention to, since the results could be quite detrimental to you and your site...
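A defensive way to consume a feed like the one described above, as an added example (not code from vTiger or from the original post): every feed field is treated as untrusted, rendered as escaped plain text, and links are limited to http/https. The function names and the sample feed are assumptions constructed for illustration.

```php
<?php
// Added example: treat every field of a fetched RSS feed as untrusted input.

// Return the URL only if its scheme is http or https, otherwise null,
// so javascript: or data: URLs never reach an href attribute.
function safe_link(string $url): ?string
{
    $url = trim($url);
    $scheme = parse_url($url, PHP_URL_SCHEME);
    if (!is_string($scheme) || !in_array(strtolower($scheme), ['http', 'https'], true)) {
        return null;
    }
    return $url;
}

// Reduce a feed field to plain text, then HTML-escape it for output.
function safe_text(string $value): string
{
    return htmlspecialchars(trim(strip_tags($value)), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Parse RSS 2.0 XML and return one escaped HTML list item per feed entry.
function render_feed_items(string $xml, int $maxItems = 20): array
{
    $prev = libxml_use_internal_errors(true);   // collect parse errors quietly
    // LIBXML_NONET disables network access while parsing.
    $feed = simplexml_load_string($xml, 'SimpleXMLElement', LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($prev);
    if ($feed === false || !isset($feed->channel->item)) {
        return [];                              // malformed or empty feed
    }
    $out = [];
    foreach ($feed->channel->item as $item) {
        if (count($out) >= $maxItems) {
            break;
        }
        $title = safe_text((string) $item->title);
        $desc  = safe_text((string) $item->description);
        $link  = safe_link((string) $item->link);
        $head  = $link === null
            ? $title                            // unsafe link: show title only
            : '<a href="' . htmlspecialchars($link, ENT_QUOTES, 'UTF-8')
              . '" rel="noopener noreferrer">' . $title . '</a>';
        $out[] = '<li>' . $head . '<p>' . $desc . '</p></li>';
    }
    return $out;
}

// Constructed sample feed: one entry carrying markup, one ordinary entry.
$sample = '<rss version="2.0"><channel><title>Sample</title>'
    . '<item><title>Notes &lt;script&gt;alert(1)&lt;/script&gt;</title>'
    . '<link>javascript:alert(1)</link><description>&lt;b&gt;hi&lt;/b&gt;</description></item>'
    . '<item><title>Normal post</title><link>https://example.com/post</link>'
    . '<description>Plain text</description></item></channel></rss>';
echo implode("\n", render_feed_items($sample)), "\n";
```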


All content copyright, 2015 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework