PHPDeveloper.org: SecurityReason.com: PHP 5.2.4 Released...unpatched

	News Feed
	Jobs Feed

Sections

Tutorials

Books

Events

Talks

Jobs

News Archive

PHPMaster.com: Data Structures for PHP Devs: Stacks and Queues

Alessandro Nadalin: Integrating Twig in Your Legacy PHP Code

Fabien Potencier: Packing a Symfony full-stack Framework Application in one File - Bootstrapping

Community News: Packagist Latest Releases for 06.18.2013

Community News: Latest PECL Releases for 06.18.2013

Sameer Borate: Simple user authentication in Laravel 4

php|architect: Re: Branding php[architect]

/Dev/Hell Podcast: Episode 33: Pol Pot-level Sucks

MaltBlue.com: Using ZFTool for Basic Project Management

Fabien Potencier: Packing a Symfony full-stack Framework Application in one File - Introduction

SecurityReason.com:
PHP 5.2.4 Released...unpatched

by Chris Cornutt September 05, 2007 @ 11:43:00

As mentioned by the International PHP Magazine, Maksymilian Arciemowicz has posted about some testing he's been doing on the newly released PHP 5.2.4 and has still found some issues with it.

In 30 August PHP Team have released new version PHP with number 5.2.4. We have tested this version and now we can say, that not all issues from PHP 5.2.3 are patched. It is possible bypass safe_mode, open_basedir and disabled_functions.

The issue he describes is the lack of a "mail.force_extra_parameters" setting in the php.ini still making it possible to exploit the mail() function to execute arbitrary PHP code.

0 comments voice your opinion now!
release php5 mail function arbitrary phpini setting patch release php5 mail function arbitrary phpini setting patch

blog comments powered by Disqus

Similar Posts

SitePoint PHP Blog: UTF-8 Email in PHP with eZ Components

International PHP Magazine: Poll Question: The Biggest Advantage of PHP 5 is?

John Mertic's Blog: PHP 5.2.5 Windows Installer now working

Christian Stocker's Blog: Added xslt profiling to PHP 5.3 and 6 CVS

Ilia Alshanetsky\'s Blog: 5.1.2 Released!

Community Events

Don't see your event here?
Let us know!

All content copyright, 2013 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework