[28974] in bugtraq
Re: twlc advisory: all versions of php nuke are vulnerable...
daemon@ATHENA.MIT.EDU (Jessica Smith)
Fri Feb 21 17:31:10 2003
Date: 19 Feb 2003 23:15:12 -0000
Message-ID: <20030219231512.917.qmail@www.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: Jessica Smith <crystalsinger@mail.com>
To: bugtraq@securityfocus.com
In-Reply-To: <000701c1452f$7f3fc670$8119fea9@supergate>
>Systems Affected
>all the versions ARE vulnerable
>except '5.0 RC1' (i wonder why a released c. is ok while the final 5.2 is
>bugged)
<snip>
>conclusions:
>yet another bug of php nuke... this software is used by thousands of
>people... (we run something based on it too) i hope that this time the
>author will reply soon and will release a patch too!
Just FYI, this was patched in PHPNuke 5.3, released way back in November
2001 - perhaps SecurityFocus can update the attack description to reflect
this so that people running later versions don't worry unnecessarily?
Jessica
