PHP Blogging apps open to exploit

The reason for the WordPress update we covered last week has been disclosed by Netcraft: PHP blogging tools, CMS packages and related software can be exploited through a security hole in the way they handle XML-RPC requests.

For the more technically minded: the flaw is in the XML-RPC support, which has many uses in web applications, including "ping" update notifications for RSS feeds. The PHP libraries that let applications exchange XML data using remote procedure calls (RPC) fail to fully check incoming data for malicious commands. The affected libraries, including PHPXMLRPC and PEAR XML-RPC, are bundled with many interactive applications written in PHP. The net result is that these apps are exposed to a very high risk remote PHP code execution vulnerability that may allow an attacker to compromise a vulnerable web server … By crafting XML that uses single quotes to break out of a string literal inside an eval() call, an attacker can easily execute PHP code on the target server.
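To make the mechanism concrete, here is an added example that is not code from this post, from Netcraft, or from PHPXMLRPC or PEAR XML-RPC. It reconstructs the pattern in simplified form: a decoder that builds a PHP assignment from the text of a `<value>` element and runs it through eval(), beside a decoder that converts the value directly. The function names, the `demo.echo` method name and the `marker` global are assumptions made for the demonstration, and the request body is constructed.

```php
<?php
// Added example: simplified reconstruction of the eval() pattern behind the
// 2005 PHP XML-RPC bug. Not the code of PHPXMLRPC or PEAR XML-RPC; function
// names and the demo request below are our own.

// Vulnerable decoder: wraps the element text in single quotes to make a PHP
// literal, then eval()s an assignment built from it. Nothing stops the text
// from containing a quote of its own.
function decode_value_vulnerable(string $type, string $text)
{
    switch ($type) {
        case 'int':
            $literal = $text;                // e.g. 42 (also unchecked)
            break;
        case 'string':
            $literal = "'" . $text . "'";    // a quote in $text breaks out
            break;
        default:
            throw new InvalidArgumentException("unsupported type: $type");
    }
    eval('$value = ' . $literal . ';');      // request text becomes PHP code
    return $value;
}

// Hardened decoder: validate and convert the text directly. No PHP source is
// generated, so there is nothing to break out of.
function decode_value_safe(string $type, string $text)
{
    switch ($type) {
        case 'int':
            if (!preg_match('/^-?\d+$/', $text)) {
                throw new InvalidArgumentException('int expected');
            }
            return (int) $text;
        case 'string':
            return $text;
        default:
            throw new InvalidArgumentException("unsupported type: $type");
    }
}

// Constructed malicious request. The string closes the quoted literal, adds a
// statement of its own, and comments out whatever the decoder appends.
$request = <<<XML
<?xml version="1.0"?>
<methodCall>
  <methodName>demo.echo</methodName>
  <params>
    <param><value><string>x'; \$GLOBALS['marker'] = 'attacker code ran'; //</string></value></param>
  </params>
</methodCall>
XML;

$doc = new DOMDocument();
$doc->loadXML($request);
$node = $doc->getElementsByTagName('value')->item(0)->firstChild;  // <string>
$type = $node->nodeName;
$text = $node->textContent;

unset($GLOBALS['marker']);
decode_value_vulnerable($type, $text);
echo "vulnerable decoder: ", $GLOBALS['marker'] ?? 'no side effect', "\n";

unset($GLOBALS['marker']);
$s = decode_value_safe($type, $text);
echo "safe decoder: ", $GLOBALS['marker'] ?? 'no side effect',
     " (value kept as plain text, ", strlen($s), " bytes)\n";
```

Run with `php example.php`: the first decoder sets the marker global, showing that text from the request ran as PHP; the second leaves the payload as an inert string. Escaping quotes before the eval() narrows the hole, but the durable fix is the second shape: never generate source code from request data when a type switch and a cast do the same job.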

For the rest of us, if you are using packages such as PostNuke, WordPress, Drupal, Serendipity, phpAdsNew, phpWiki and phpMyFAQ, to name but a few, seek out an upgrade ASAP, because this is bad, people, bad, even if I actually have no real idea what this all means.

Duncan
