Bugtraq mailing list archives

Re: PHPList <= 2.10.2 remote commands execution

From: secfoc () tincan co uk
Date: 11 Apr 2006 14:55:45 -0000


This vulnerability is caused by the PHP globals problem. http://www.hardened-php.net/globals-problem

Not vulnerable: PHP 4.4.1 and up or PHP 5.1.0 and up

Fix:

add 

$GLOBALS = array(); 

to the top of the config file

Current thread:

PHPList <= 2.10.2 remote commands execution rgod (Apr 10)
- <Possible follow-ups>
- Re: PHPList <= 2.10.2 remote commands execution secfoc (Apr 11)
- Re: Re: PHPList <= 2.10.2 remote commands execution rg . viza (Apr 11)