PHPDeveloper: PHP News, Views and Community

Subscribe

@phpdeveloper.org

News Archive

Community News: Latest PEAR Releases (03.18.2024)

Community News: Latest PEAR Releases (03.11.2024)

Community News: Latest PECL Releases (03.05.2024)

Community News: Latest PECL Releases (02.27.2024)

Community News: Latest PEAR Releases (02.26.2024)

Community News: Latest PECL Releases (02.20.2024)

Community News: Latest PECL Releases (02.13.2024)

Community News: Latest PEAR Releases (02.12.2024)

Community News: Latest PECL Releases (02.06.2024)

Community News: Latest PECL Releases (01.30.2024)

Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Hardened-PHP Project:
Advisory - PHProjekt (Remote) Include Vulnerabilities

byChris Cornutt Sep 29, 2006 @ 15:01:00

The Hardened-PHP Project has released a new vulnerability for the PHProjekt groupware software.

While searching for applications that are vulnerable to a new class of vulnerabilities inside PHP applications we took a quick look into the current PHProjekt source code and discovered that a (remote) include vulnerability had been (re)introduced.

By overwriting a variable with user input it is possible to inject and execute arbitrary PHP code. Overwriting this variable is possible regardless of the register_globals setting.

They give a few more details further down the posting and note that users should download and install the latest version (at the time of this post, 5.1.2).