
Christopher Kunz's Blog:
PHPKIT vulnerabilities revisited
February 06, 2006 @ 06:40:05

On his blog, Christopher Kunz has a new note for anyone running PHPKIT: several security issues that came up and weren't addressed as quickly as they needed to be.

A while back, I reported several vulnerabilities in PHPKIT to the vendors. Although not very well-known in the rest of the world, there's an abundance of installations of this product in German-speaking countries, since it is very easy to install, provides a German user (and administration) interface and has about the same feature set as the infamous PHP-Nuke.

After I reported the vulnerability, no response whatsoever was received. I phoned the vendor, and they told me something about an ominous "community release" and that I should report the issues in their forum. I gave the advisory (including PoC for each hole) to the forum administrator and told them to get a fix out of the door. They responded in a very weird fashion, but allegedly fixed the bugs and released an unofficial patch in the forum.

He goes on in the post to explain why a distribution method like this isn't the wisest course of action. Patches are slower to distribute and apply than a full version release, especially ones distributed through less than "official" means...


All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework