newsSavane - News: Vulnerability in frontend/php/include/stats_functions.php

Show feedback again
Latest News
Security fix: scp restricted shell bypass posted by beuc, Thu Feb 2 22:02:09 2017 - 0 replies
New Savane release fixes symlink attack and privilege escalation posted by beuc, Wed Dec 2 22:24:18 2009 - 0 replies
Release 3.0: markup language and anti-spam tools posted by yeupou, Mon Dec 4 09:38:30 2006 - 2 replies
Release 2.0: interface heavy improvements, bugfixes and cosmetics posted by yeupou, Tue Oct 3 08:06:29 2006 - 2 replies
We need packagers! posted by yeupou, Tue Sep 19 18:09:45 2006 - 2 replies
[Submit News]
[23 news in archive]

Vulnerability in frontend/php/include/stats_functions.php

Item posted by Mathieu Roy <yeupou> on Sat Sep 18 06:34:16 2004.


Joxean Koret <joseanpiti> found out that frontend/php/include/stats_functions.php could be used maliciously to execute remote PHP code with the http server.

frontend/php/include/stats_functions.php is unused by the code since a long time -- an old leftover from the original SourceForge. You can safely remove it, it will not break anything.

All majors public sites running Savane have been already warned. As we're one week before 1.0.4 release, releasing a version only for this problem, considering how simple is the fix, currently does not seem a necessary move.

Thanks to Joxean Koret <joseanpiti>,


No messages in Vulnerability in frontend/php/include/stats_functions.php


Start a New Thread:

You could post if you were logged in
Show feedback again

Back to the top

Powered by Savane 3.1-cleanup