oss-sec mailing list archives
Re: CVE request phpmyadmin (Fwd: XSS in phpMyadmin)
From: "Thijs Kinkhorst" <thijs () debian org>
Date: Tue, 28 Oct 2008 09:43:17 +0100 (CET)
On Mon, October 27, 2008 23:28, Hanno Böck wrote:
No fix yet, works also in 3.0.1.
Do we still call things that require register_globals to be on a 'vulnerability'? Register_globals has been advertised (including in the PHP documentation of that option) as a very bad idea for many years now, it's turned off by default since years aswell. Turning it on could be considered as knowingly taking the risk on a certain class of exploits. At least Debian doesn't provide any security support for these issues. Thijs
Current thread:
- CVE request phpmyadmin (Fwd: XSS in phpMyadmin) Hanno Böck (Oct 27)
- Re: CVE request phpmyadmin (Fwd: XSS in phpMyadmin) Thijs Kinkhorst (Oct 28)
- Re: CVE request phpmyadmin (Fwd: XSS in phpMyadmin) Hanno Böck (Oct 28)
- Re: CVE request phpmyadmin (Fwd: XSS in phpMyadmin) Steven M. Christey (Oct 28)
- Re: CVE request phpmyadmin (Fwd: XSS in phpMyadmin) Hanno Böck (Oct 29)
- Re: CVE request phpmyadmin (Fwd: XSS in phpMyadmin) Thijs Kinkhorst (Oct 28)