Security hole in PHProjekt release 3.1!
12. Mar 2002
Yesterday a user named 'B0iler_' informed me about a security hole in PHProjekt. It affects versions 3.1 and 3.1a.
Under certain circumstances it is possible to inject malicious code into a script by modifying a path variable so that it points to a remote server.
This hole particularly concerns installations:
- with a connection to the internet
- with allow_url_fopen=on (which is the default setting)
You are strongly encouraged to update to version 3.1b, which is identical to 3.1a except for the security fix.
Update procedure: simply copy the new files over the old ones; there is no need to run the setup routine. (Be careful if you have already downloaded a patch.)
Download URL:
ftp://ftp.phprojekt.com/phprojekt.zip or
ftp://ftp.phprojekt.com/phprojekt.tar.gz
Please mail me if you need further information or post a comment here.
Albrecht Guenther
Posted by Albrecht Guenther
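
Added example, not part of the original announcement or of PHProjekt's code: a Python audit that checks for the two conditions the advisory names, an effective allow_url_fopen=on and include/require statements whose path starts with a variable. The php.ini text, the PHP source and the variable name `$lib_path` are constructed for illustration, and the pattern match is a heuristic that marks lines for manual review.

```python
import re

_ON = {"1", "on", "yes", "true"}  # php.ini values PHP reads as enabled

def url_fopen_enabled(ini_text):
    """Effective allow_url_fopen from php.ini text; on when the directive is absent."""
    enabled = True
    for line in ini_text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop ; comments
        m = re.match(r"allow_url_fopen\s*=\s*(.*)$", line, re.I)
        if m:  # the last assignment in the file wins
            enabled = m.group(1).strip().strip("\"'").lower() in _ON
    return enabled

# include/require whose path expression starts with a variable
_INCLUDE = re.compile(r'\b(?:include|require)(?:_once)?\s*\(?\s*"?\$(\w+)', re.I)

def variable_includes(php_source):
    """(line number, variable name) for every include built on a variable."""
    hits = []
    for n, line in enumerate(php_source.splitlines(), 1):
        if line.lstrip().startswith(("//", "#", "*")):
            continue  # skip comment lines
        hits += [(n, m.group(1)) for m in _INCLUDE.finditer(line)]
    return hits

def audit(ini_text, php_source):
    """Flag the combination the advisory names: URL opens on plus a variable path."""
    enabled, hits = url_fopen_enabled(ini_text), variable_includes(php_source)
    return {"allow_url_fopen": enabled, "includes": hits,
            "needs_review": enabled and bool(hits)}

# Constructed samples; $lib_path is a hypothetical variable name.
SAMPLE_INI = """\
[PHP]
allow_url_fopen = On
"""
SAMPLE_PHP = """\
<?php
// path handed in from outside the script
include($lib_path . "/lib.inc.php");
require_once("./config.inc.php");
include_once "$lib_path/header.inc.php";
"""

if __name__ == "__main__":
    print(audit(SAMPLE_INI, SAMPLE_PHP))
```

A flagged line still needs a manual check of whether the variable can be set from outside the script before the include runs.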