Apr 1, 2008

Major security flaw in PHP found

A security flaw in PHP POST variables allows a virus to fake an upload form and submit itself to any form on a website. If the site is using PHP, the virus is able to upload and inject PHP code onto the site, with full access to whatever PHP has access to. It can then re-propagate itself to anybody using the site, which then propagates to sites that the user visits.

Read more about it here.

No comments: