News Feed
Jobs Feed
Sections




News Archive
Hardened-PHP Project:
Advisory - PHProjekt (Remote) Include Vulnerabilities
by Chris Cornutt September 29, 2006 @ 10:01:00

The Hardened-PHP Project has released a new vulnerability for the PHProjekt groupware software.

While searching for applications that are vulnerable to a new class of vulnerabilities inside PHP applications we took a quick look into the current PHProjekt source code and discovered that a (remote) include vulnerability had been (re)introduced.

By overwriting a variable with user input it is possible to inject and execute arbitrary PHP code. Overwriting this variable is possible regardless of the register_globals setting.

They give a few more details further down the posting and note that users should download and install the latest version (at the time of this post, 5.1.2).

0 comments voice your opinion now!
advisory security phprojekt include vulnerability advisory security phprojekt include vulnerability


blog comments powered by Disqus

Similar Posts

Community News: Red Hat Security Package Update

PHP-Coding-Practices.com: Introduction To Security Vulnerabilities In PHP

Matthew Weir O'Phinney's Blog: Zend_Layout and Zend_View Enhanced components now in core

Secubos.com: Cross-Site Scripting Vulnerability in phpFaber

DevShed: File Security and Resources with PHP


 Community Events











Don't see your event here?
Let us know!

usergroup testing phpunit database interview podcast development series conference release example language opinion community rest framework introduction symfony2 zendframework2 functional

All content copyright, 2013 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework