Re: PHPList <= 2.10.2 remote commands execution

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: PHPList <= 2.10.2 remote commands execution
From: secfoc@xxxxxxxxxxxx
Date: 11 Apr 2006 14:55:45 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

This vulnerability is caused by the PHP globals problem. 
http://www.hardened-php.net/globals-problem

Not vulnerable: PHP 4.4.1 and up or PHP 5.1.0 and up

Fix:

add 

$GLOBALS = array(); 

to the top of the config file

Prev by Date: [USN-269-1] xscreensaver vulnerability
Next by Date: Re: function *() php/apache Crash PHP 4.4.2 and 5.1.2
Previous by thread: PHPList <= 2.10.2 remote commands execution
Next by thread: Re: Re: PHPList <= 2.10.2 remote commands execution
Index(es):
- Date
- Thread