phpBB worm FUD

Everybody who thinks that the Santy.A worm uses one of the security problems addressed in PHP's latest bugfix releases is wrong. It was NOT due to any bug in PHP, but merely to a badly checked input variable which was passed to preg with the /e modifier. Besides this, phpBB is also vulnerable to some of the things addressed by PHP's new releases. But they are wrong in saying that it is not their fault. Unchecked use of serialized data is still their problem. Short version: use FUDforum.
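The class of bug described above, shown as an added example that is not phpBB's code or part of the original post: the unsafe /e pattern appears only as a comment, next to a version that checks the input and never evaluates it. The function name, parameter names and the term-highlighting use case are assumptions chosen for illustration.

```php
<?php
// Added example; all names here are hypothetical, not taken from phpBB.

// Unsafe pattern (PHP < 7 only; /e was deprecated in 5.5 and removed in 7.0):
//   preg_replace('#(' . $words . ')#ie', "mark('\\1')", $text);
// With /e the replacement string is evaluated as PHP code after the
// backreferences are substituted, so whatever the request can influence in
// the pattern or the replacement ends up inside eval().

/**
 * Wrap each occurrence of the user's search words in <mark> tags.
 * $rawWords is the untrusted request value, $text is plain post text.
 */
function highlight_terms(string $text, string $rawWords): string
{
    // 1. Check the input: keep only short word-character tokens, cap the count.
    $words = preg_split('/\s+/', trim($rawWords), -1, PREG_SPLIT_NO_EMPTY);
    $words = array_filter($words, fn($w) => preg_match('/^\w{1,32}$/u', $w) === 1);
    $words = array_slice(array_values($words), 0, 10);

    $escape = fn(string $s) => htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
    if ($words === []) {
        return $escape($text);
    }

    // 2. Quote every word for the delimiter in use, so it can only match literally.
    $alt = implode('|', array_map(fn($w) => preg_quote($w, '#'), $words));

    // 3. No /e anywhere. preg_replace_callback() is the direct replacement for
    //    /e; preg_split() is used here so every piece can be HTML-escaped.
    $parts = preg_split('#\b(' . $alt . ')\b#iu', $text, -1, PREG_SPLIT_DELIM_CAPTURE);
    if ($parts === false) {          // e.g. $text is not valid UTF-8
        return $escape($text);
    }

    $out = '';
    foreach ($parts as $i => $part) {
        // With one capture group, odd indexes hold the matched words.
        $out .= ($i % 2 === 1) ? '<mark>' . $escape($part) . '</mark>' : $escape($part);
    }
    return $out;
}

// Constructed sample input: the second token fails the \w check and is dropped.
echo highlight_terms('Upgrade your <forum> today', 'forum ${x}'), "\n";
```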
