Re: [Phpwiki-talk] Vulnerability in PHP3/4

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Steve,

> This BUGTRAQ digest contains information on a remote exploit for web
> servers running PHP. You should read it and verify your system is not
> vulnerable.

thanks for letting us know, but please forward only the relevant portion next 
time.

Btw, a IMHO more serious attack against PHP was discovered in September: php 
file upload vulnerability - see http://www.securityfocus.com/archive/1/80106
Quoted from there:
> [Impact]
> 1. File disclosure
> 2. (1) will often lead to disclosure of PHP code
> 3. (2) will often lead to disclosure of database authentication data
> 4. (3) may lead to machine compromise

Everyone has secured their DBs against remote access, so there's nothing to 
worry about, right?

btw, I'd like to hear your opinion on the internationalization issue and what 
you think about WikiExit().

/Arno