
Christopher Kunz's Blog:
PHPKIT vulnerabilities revisited
February 06, 2006 @ 06:40:05

On his blog, Christopher Kunz has a new note for everyone running PHPKIT: some security issues came up and weren't addressed as quickly as they needed to be.

A while back, I reported several vulnerabilities in PHPKIT to the vendors. Although not very well-known in the rest of the world, there's an abundance of installations of this product in German-speaking countries, since it is very easy to install, provides a German user (and administration) interface and has about the same feature set as the infamous PHP-Nuke.

After I reported the vulnerability, no response whatsoever was received. I phoned the vendor, and they told me something about an ominous "community release" and that I should report the issues in their forum. I gave the advisory (including PoC for each hole) to the forum administrator and told them to get a fix out of the door. They responded in a very weird fashion, but allegedly fixed the bugs and released an unofficial patch in the forum.

He goes on in the post to explain why a distribution method like this isn't the wisest course of action. Patches are slower to distribute and apply than a full version release, especially ones distributed via less than "official" means...


All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework