Savane - News: Vulnerability in frontend/php/include/stats_functions.php
Show feedback again
Latest News
New Savane release fixes symlink attack and privilege escalation posted by beuc, Wed 02 Dec 2009 10:24:18 PM UTC - 1 reply
Release 3.0: markup language and anti-spam tools posted by yeupou, Mon 04 Dec 2006 09:38:30 AM UTC - 12 replies
Release 2.0: interface heavy improvements, bugfixes and cosmetics posted by yeupou, Tue 03 Oct 2006 08:06:29 AM UTC - 42 replies
We need packagers! posted by yeupou, Tue 19 Sep 2006 06:09:45 PM UTC - 2 replies
Release 1.4: security fix (XSS), bugfixes, cosmetics posted by yeupou, Sat 04 Feb 2006 09:26:26 AM UTC - 0 replies
[Submit News]
[22 news in archive]
[Submit News]
[22 news in archive]
Vulnerability in frontend/php/include/stats_functions.php
Item posted by Mathieu Roy <yeupou> on Sat 18 Sep 2004 06:34:16 AM UTC.
Hello,
Joxean Koret <joseanpiti> found out that frontend/php/include/stats_functions.php could be used maliciously to execute remote PHP code with the http server.
frontend/php/include/stats_functions.php is unused by the code since a long time -- an old leftover from the original SourceForge. You can safely remove it, it will not break anything.
All majors public sites running Savane have been already warned. As we're one week before 1.0.4 release, releasing a 1.0.3.2 version only for this problem, considering how simple is the fix, currently does not seem a necessary move.
Thanks to Joxean Koret <joseanpiti>,
Regards,
Comments:
No messages in Vulnerability in frontend/php/include/stats_functions.php
Start a New Thread:
Show feedback again
