Linklog
Thu, 19.Oct 2006
- PHPBB Security PHPBB_Security.PHP Remote File Include Vulnerability #
Ah, the irony. A Modification that is called “phpBB Security” and meant to increase security, has a hole that allows remote code execution. And no patch/update/announcement in sight. This once more goes to show that every line of additional code increases complexity of the system as a whole and therefore might introduce new security vulnerabilities. Unfortunatey the group of people most likely to run unmaintained software on the web, are also (apparently) the ones that most likely fall for simple howtos/mods that claim to increase security.
« Textpattern 4.0.4 Released c't 22/2006, S. 102: Urheberrecht und Strafverfolgung »