News Feed
Sections




News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

SecurityReason.com:
PHP 5.2.4 Released...unpatched
September 05, 2007 @ 11:43:00

As mentioned by the International PHP Magazine, Maksymilian Arciemowicz has posted about some testing he's been doing on the newly released PHP 5.2.4 and has still found some issues with it.

In 30 August PHP Team have released new version PHP with number 5.2.4. We have tested this version and now we can say, that not all issues from PHP 5.2.3 are patched. It is possible bypass safe_mode, open_basedir and disabled_functions.

The issue he describes is the lack of a "mail.force_extra_parameters" setting in the php.ini still making it possible to exploit the mail() function to execute arbitrary PHP code.

0 comments voice your opinion now!
release php5 mail function arbitrary phpini setting patch release php5 mail function arbitrary phpini setting patch


blog comments powered by Disqus

Similar Posts

KillerSoft.com: SimpleTest 1.0.0 on Pearified.com

DevShed: Improving Exception Throwing when Auto Loading Classes in PHP 5

WorkingSoftware.com.au: Configuring PHP4 and PHP5 to run concurrently on FreeBSD

KillerSoft.com: SimpleTest 1.0.0 on Pearified.com

php|architect: php|a releases new Guide to Date & Time Programming


Community Events





Don't see your event here?
Let us know!


series application release wordpress threedevsandamaybe developer laravel bugfix community configure language api symfony code introduction install podcast library interview list

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework