Bugtraq mailing list archives
Re: (SRADV00006) Remote command execution vulnerabilities in phpGroupWare
From: Dan Kuykendall <dan () kuykendall org>
Date: 11 Apr 2002 07:41:10 -0000
In-Reply-To: <003b01c05f7c$29d6cba0$1400a8c0@homenet> This was corrected in 0.9.10 and beyond. We now wipe out any attempts to set post or get vars to the phpgw_info array and also double check that none of the include values have http in them. Seek3r phpGroupWare Spokesperson
Current thread:
- Re: (SRADV00006) Remote command execution vulnerabilities in phpGroupWare Dan Kuykendall (Apr 11)