Just wanted to alert everyone here that at least PHPix 2.0.2 (I don't know about 2.0.3, but presumably that as well, unless someone can confirm it's not vulnerable) has a security hole which allows anyone with remote access to the gallery to run arbitrary commands. See the entry in the "Bugs" section for more information.
My own server just got cracked through this hole... So I can't really recommend that you run PHPix, at least unless this bug gets fixed.
2.0.3 does have the security hole, but I noticed, at least from my website, the information does not provide the passwords, only a listing of users on the host server - although far too disturbing to leave unpatched.