PHP Blogging apps open to exploit

The reason for the WordPress update we covered last week has been disclosed by Netcraft: apparently PHP blogging tools, CMS packages and related software can be exploited through a security hole in the way they handle XML commands.

For the more technically minded, the flaw affects the XML-RPC function, which has many uses in web applications, including “ping” update notifications for RSS feeds. PHP libraries that allow applications to exchange XML data using remote procedure calls (RPC) fail to fully check incoming data for malicious commands. The affected libraries, including PHPXMLRPC and PEAR XML-RPC, are included in many interactive applications written in PHP. The net result is that these apps are vulnerable to a very high-risk remote PHP code execution vulnerability that may allow an attacker to compromise a vulnerable webserver … By creating an XML file that uses single quotes to escape into the eval() call, an attacker can easily execute PHP code on the target server.
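To make the single-quote problem concrete, here is an added, simplified illustration (not code from PHPXMLRPC, PEAR XML-RPC or any affected application) of a decoder that pastes request text into eval() next to one that treats it strictly as data. The function names and the sample value are assumptions made up for this example; the sample only calls a harmless string function.

```php
<?php
// Simplified illustration of the bug class; not code from any affected library.

// Constructed sample: an XML-RPC <string> value that contains single quotes.
const SAMPLE = "<value><string>x'.strtoupper('evaluated').'</string></value>";

// Read the scalar type and raw text of one <value> element.
function readValue(string $xml): array
{
    $doc = new DOMDocument();
    if (!$doc->loadXML($xml, LIBXML_NONET)) {
        throw new InvalidArgumentException('malformed XML');
    }
    $typed = $doc->documentElement->firstChild;
    if (!$typed instanceof DOMElement) {
        throw new InvalidArgumentException('missing type element');
    }
    return [$typed->nodeName, $typed->textContent];
}

// Vulnerable pattern: request text is pasted into PHP source and evaluated.
function decodeWithEval(string $xml)
{
    [$type, $text] = readValue($xml);
    $decoded = null;
    $src = $type === 'string' ? "\$decoded = '$text';" : "\$decoded = $text;";
    eval($src); // a quote in $text ends the literal; the rest runs as code
    return $decoded;
}

// Hardened pattern: validate per type and convert; no PHP source is generated.
function decodeAsData(string $xml)
{
    [$type, $text] = readValue($xml);
    switch ($type) {
        case 'string':
            return $text;
        case 'int':
        case 'i4':
            if (!preg_match('/^[+-]?\d+$/', $text)) {
                throw new InvalidArgumentException('bad integer');
            }
            return (int) $text;
        default:
            throw new InvalidArgumentException("unsupported type: $type");
    }
}
var_dump(decodeWithEval(SAMPLE)); // part of the input was executed as PHP
var_dump(decodeAsData(SAMPLE));   // the input comes back unchanged, as data
```

Escaping quotes before eval() would only narrow the hole; the hardened decoder removes it by never turning request data into source code.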

For the rest of us, if you are using packages such as PostNuke, WordPress, Drupal, Serendipity, phpAdsNew, phpWiki and phpMyFAQ, to name but a few, seek out an upgrade ASAP because this is bad, people, bad, even if I actually have no real idea what this all means.


Duncan
