Savane - News: Vulnerability in frontend/php/include/stats_functions.php


Item posted by Mathieu Roy <yeupou> on Sat 18 Sep 2004 06:34:16 AM UTC.


Joxean Koret <joseanpiti> found that frontend/php/include/stats_functions.php could be used maliciously to execute remote PHP code with the HTTP server.

frontend/php/include/stats_functions.php has been unused by the code for a long time; it is an old leftover from the original SourceForge. You can safely remove it; doing so will not break anything.

All major public sites running Savane have already been warned. As we are one week away from the 1.0.4 release, releasing a version only for this problem does not currently seem necessary, considering how simple the fix is.

Thanks to Joxean Koret <joseanpiti>.
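
One way to apply the removal described above on an installation, as an added example that is not part of the original news item or of Savane's own tooling: the script checks that no other PHP file under frontend/php mentions the leftover file, then deletes it. The tree root argument, the function names and the sample tree are assumptions; only the relative path comes from the advisory.

```sh
#!/bin/sh
# Added example: confirm stats_functions.php is unreferenced, then remove it.
# The tree root passed as $1 is an assumption; the relative path is from the advisory.

REL_PATH="frontend/php/include/stats_functions.php"

# Prints PHP files under frontend/php (other than the leftover itself) that mention it.
find_references() {
    root=$1
    find "$root/frontend/php" -type f -name '*.php' ! -path "$root/$REL_PATH" \
        -exec grep -l 'stats_functions\.php' {} + 2>/dev/null || true
}

# Returns 0 if the file is absent or was removed, 2 if something still references it.
remove_leftover() {
    root=$1
    target="$root/$REL_PATH"
    if [ ! -e "$target" ]; then
        echo "absent: $target"
        return 0
    fi
    refs=$(find_references "$root")
    if [ -n "$refs" ]; then
        echo "still referenced, not removing:" >&2
        echo "$refs" >&2
        return 2
    fi
    rm -- "$target"
    echo "removed: $target"
}

# Builds a constructed sample tree (placeholder files, not real Savane code).
make_sample_tree() {
    dir=$(mktemp -d)
    mkdir -p "$dir/frontend/php/include"
    echo '<?php // constructed placeholder' > "$dir/$REL_PATH"
    echo '<?php require "include/pre.php";' > "$dir/frontend/php/index.php"
    echo "$dir"
}

# Run against a real tree only when a root directory is given on the command line.
if [ "$#" -gt 0 ]; then
    remove_leftover "$1"
fi
```

Run it against both the source checkout and the directory the web server actually serves, since the deployed copy is the one that is reachable.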

