[thelist] PHP security hole

David Kutcher david_kutcher at hotmail.com
Wed Feb 27 23:18:01 CST 2002

> It seems logical to blow this one off if you don't have any scripts that
> use file uploads

Huh, well, I have 2 web-based CMS products, both with a fairly wide
distribution... and all versions use php file uploads through a post.

Guess who just wrote a long detailed email to all of his clients and left a
voicemail on all of their business phones?  You guessed it. (at midnight)

It's going to be a fun next 4 days.  If they just discovered this one, I
unfortunately think there are going to be a few little ones in the next few
days as well.

Thankfully in my products' licensing agreement there's a clause guarding
against this.


More information about the thelist mailing list