Bugtraq mailing list archives

Re: (SRADV00006) Remote command execution vulnerabilities in phpGroupWare


From: Dan Kuykendall <dan () kuykendall org>
Date: 11 Apr 2002 07:41:10 -0000


In-Reply-To: <003b01c05f7c$29d6cba0$1400a8c0@homenet>

This was corrected in 0.9.10 and beyond. We now 
wipe out any attempts to set post or get vars to 
the phpgw_info array and also double check that 
none of the include values have http in them.

Seek3r
phpGroupWare Spokesperson
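
The two checks the message describes, sketched in PHP as an added example (not phpGroupWare's code and not part of the original post). The function names, array keys and sample values are constructed for illustration.

```php
<?php
// Added illustration, not phpGroupWare's code; function names are hypothetical.

// Check 1: discard any request value named after a protected global, so
// GET/POST input can never seed or overwrite it. This matters most where
// request variables are imported into the global scope.
function strip_protected(array $request, array $protected = ['phpgw_info']): array
{
    foreach ($protected as $name) {
        unset($request[$name]);   // also drops nested forms such as phpgw_info[a][b]
    }
    return $request;
}

// Check 2: walk the values later used to build include paths and refuse any
// that contains "http" (case-insensitive), as the message describes.
function assert_no_http(array $values, string $path = ''): void
{
    foreach ($values as $key => $value) {
        $here = $path === '' ? (string) $key : "$path.$key";
        if (is_array($value)) {
            assert_no_http($value, $here);
        } elseif (is_string($value) && stripos($value, 'http') !== false) {
            throw new RuntimeException("include value '$here' contains 'http'");
        }
    }
}

// Constructed request data carrying a value under the protected name
// (the inner key names are placeholders, not the project's real keys).
$get = [
    'page'       => 'index',
    'phpgw_info' => ['demo' => ['inc_dir' => 'http://example.invalid/']],
];
$clean = strip_protected($get);
var_dump(array_key_exists('phpgw_info', $clean));

// Configuration set by the application itself (constructed local path).
$phpgw_info = ['demo' => ['inc_dir' => '/srv/app/inc']];
assert_no_http($phpgw_info['demo']);   // a local path is accepted

// The same check applied to the untrusted value is refused.
try {
    assert_no_http($get['phpgw_info']['demo']);
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}
```

On current PHP versions, `allow_url_include = Off` (the default) enforces the second check at the interpreter level for every URL wrapper, not only `http`.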

