phplist 2.10.9 - Security update

Post by H2B2 » 3:11am, Sun 08 Feb, 2009

Security update version 2.10.9
29 January 2009

We've released version 2.10.9 that fixes a local file include vulnerability. This vulnerability allows attackers to display the contents of files on the server, which can aid them to gain unauthorised access.

Everyone using any version up to this one is advised to upgrade as soon as possible. Any clients hosted by Tincan have already been patched or upgraded.



If you don't want to upgrade now, you can fix the vulnerability quickly by adding the following line to the top of the index file in the admin directory:

----------

if (isset($_REQUEST['_SERVER'])) { exit; }

----------

This will at least stop your installation from being vulnerable to this attack.
Source: http://www.phplist.com/?lid=274
See also: viewtopic.php?p=59383#59383


Note: Bugfixes included in this release can be viewed in the Change log

General installation and upgrade instructions can be found here:
http://docs.phplist.com/PhplistInstallation
http://docs.phplist.com/PhplistUpgrade
H2B2
Moderator
 
Posts: 7188
Joined: 1:51am, Wed 15 Mar, 2006
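
Added example, not part of the original post or of phplist's code: a log check built on the condition the workaround above tests, for reviewing whether an installation received requests that set a `_SERVER` parameter before it was patched. The log format, the `/lists/admin/` path, the IP addresses and the parameter values are constructed assumptions.

```python
import re
from urllib.parse import unquote_plus

# Request line of a common/combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def php_param_name(raw_key):
    """Approximate the top-level variable name PHP registers for a query key."""
    name = unquote_plus(raw_key).lstrip(" ")   # PHP ignores leading spaces
    name = name.split("[", 1)[0]               # _SERVER[k] registers as _SERVER
    return name.replace(".", "_").replace(" ", "_")  # '.' and ' ' become '_'

def sets_request_server(target):
    """True if the query string alone makes isset($_REQUEST['_SERVER']) true."""
    query = target.partition("?")[2]
    return any(
        php_param_name(pair.split("=", 1)[0]) == "_SERVER"
        for pair in query.split("&") if pair
    )

def flag_lines(log_lines):
    """Return the log lines whose request target carries a _SERVER parameter."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if match and sets_request_server(match.group(1)):
            hits.append(line)
    return hits

# Constructed sample entries (documentation IPs, assumed install path).
SAMPLE_LOG = [
    '192.0.2.10 - - [30/Jan/2009:10:00:01 +0000] '
    '"GET /lists/admin/index.php?page=users HTTP/1.1" 200 5120',
    '198.51.100.7 - - [30/Jan/2009:10:02:13 +0000] '
    '"GET /lists/admin/index.php?_SERVER%5Bplaceholder%5D=1 HTTP/1.1" 200 312',
    '198.51.100.7 - - [30/Jan/2009:10:02:15 +0000] '
    '"GET /lists/admin/index.php?page=home&%5FSERVER=1 HTTP/1.1" 200 312',
    '192.0.2.10 - - [30/Jan/2009:10:05:40 +0000] '
    '"GET /lists/index.php?p=subscribe&note=_SERVER HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for hit in flag_lines(SAMPLE_LOG):
        print("REVIEW:", hit)
```

Access logs normally record only the query string, while `$_REQUEST` can also be filled from POST bodies and cookies, so an empty result does not show that no such request was made.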
