PHP patch quick but inadequate

Tuesday, May 05 1998 @ 09:22 AM CST

Contributed by: Linegod

The updates to PHP versions 5.3.12 and 5.4.2 released on Thursday do not fully resolve the vulnerability that was accidentally disclosed on Reddit, according to the discoverer of the flaw. The bug in the way CGI and PHP interact with each other leads to a situation where attackers can execute code on affected servers. The issue remained undiscovered for eight years.

Read the full thing at

Comments (0)

Warped Systems