oss-sec mailing list archives

CVE request: Serendipity < 1.5 upload of files with *.php.* possible


From: Hanno Böck <hanno () hboeck de>
Date: Mon, 21 Dec 2009 18:28:27 +0100

From 1.5 release notes:
# Disallow uploading any files that contain ".php." in the filename for extra 
security with Apache MimeMagic-Modules

See this comment also:
http://blog.s9y.org/archives/211-Serendipity-1.5-released.html#c3064



(it's probably worth looking at other apps if they are vulnerable to this)


-- 
Hanno Böck              Blog:           http://www.hboeck.de/
GPG: 3DBD3B20           Jabber/Mail:    hanno () hboeck de

http://schokokeks.org - professional webhosting

Attachment: signature.asc
Description: This is a digitally signed message part.
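
The filename rule quoted from the 1.5 release notes, generalized as an added example (not Serendipity's code and not part of the original message): it checks every dot-separated segment of an upload name rather than only the final extension. The function name `reject_reason`, the deny list and the sample names are assumptions constructed for illustration.

```php
<?php
// Added example, not Serendipity's code. The deny list is an assumption:
// match it to the extensions your web server maps to an interpreter.
const BLOCKED_SEGMENTS = ['php', 'php3', 'php4', 'php5', 'phtml', 'phps', 'phar'];

/**
 * Return null if the upload name is acceptable, otherwise a short
 * reason for the rejection (useful for logging refused uploads).
 */
function reject_reason(string $name): ?string
{
    // Clients may send a path; judge only the final component.
    $base = basename(str_replace('\\', '/', $name));
    if ($base === '' || strpos($base, "\0") !== false) {
        return 'empty name or NUL byte';
    }

    // Split on every dot and compare case-insensitively, so that
    // "shell.PHP.jpg" is treated the same as "shell.php.jpg".
    $segments = explode('.', strtolower($base));
    array_shift($segments); // drop the stem before the first dot

    foreach ($segments as $seg) {
        // trim() catches names such as "x.php .jpg"
        if (in_array(trim($seg), BLOCKED_SEGMENTS, true)) {
            return "blocked segment '.$seg' in name";
        }
    }
    return null;
}

// Constructed sample names, not taken from any real incident.
$samples = [
    'holiday.jpg',          // accepted
    'notes.php',            // rejected: plain extension
    'avatar.php.jpg',       // rejected: the *.php.* case from the release notes
    'Report.PHP.bak',       // rejected: case variant
    '../../up/x.phtml.png', // rejected: path stripped, segment still checked
    'archive.tar.gz',       // accepted: multiple harmless segments
];

foreach ($samples as $name) {
    $why = reject_reason($name);
    printf("%-22s %s\n", $name, $why === null ? 'accepted' : "rejected ($why)");
}
```

A name check of this kind complements, and does not replace, storing uploads where the web server will not hand them to an interpreter.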

