Security Vulnerability
Recently, a Local/Remote file inclusion vulnerability was reported against MindTouch 10.1.3. Though the report looks ominous, this vulnerability is only exploitable when PHP is explicitly configured to operate in an insecure manner.
The PHP setting that makes this vulnerability exploitable is register_globals = On. When register_globals is set to On, input from the client (query string parameters and cookies) is assigned to variables in PHP, which can cause unexpected and very unsafe results.
Because register_globals = On is such a high security risk, the setting has defaulted to "Off" since PHP version 4.2.0, was deprecated in PHP 5.3.0, and was removed entirely in PHP 5.4.0.
MindTouch has never recommended that the setting be turned on, nor shipped a product with register_globals = On.
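To check whether a given server is in the exposed configuration described above, the following added example (not MindTouch code) audits configuration text for the setting and applies the version rules stated in this post. The function names and sample inputs are hypothetical; it assumes the setting appears either in php.ini syntax or as a mod_php `php_flag`/`php_value` directive in Apache configuration or .htaccess.

```python
import re

# php.ini form: "register_globals = On" (a leading ';' makes the line a comment)
INI_RE = re.compile(r'^\s*register_globals\s*=\s*"?([^";\s]*)"?', re.I)
# mod_php form in Apache config or .htaccess: "php_flag register_globals on"
APACHE_RE = re.compile(
    r'^\s*php_(?:admin_)?(?:flag|value)\s+register_globals\s+"?([^"\s]*)"?', re.I)
TRUE_WORDS = {"on", "true", "yes"}  # case-insensitive spellings of boolean true

# Constructed sample configurations (not taken from any real deployment).
SAMPLE_INI = "; register_globals = On\nregister_globals = Off\n"
SAMPLE_HTACCESS = "php_flag register_globals on\n"


def _is_true(value):
    """Interpret a directive value as a boolean: on/true/yes or a non-zero integer."""
    v = value.lower()
    return v in TRUE_WORDS or (v.isdigit() and int(v) != 0)


def register_globals_setting(config_text):
    """Return True/False for the last register_globals directive, None if absent."""
    state = None
    for line in config_text.splitlines():
        m = INI_RE.match(line) or APACHE_RE.match(line)
        if m:
            state = _is_true(m.group(1))  # a later directive overrides an earlier one
    return state


def is_exposed(config_text, php_version):
    """True when register_globals is effectively On for this PHP version."""
    major_minor = tuple(int(p) for p in php_version.split(".")[:2])
    if major_minor >= (5, 4):   # setting removed entirely in PHP 5.4.0
        return False
    state = register_globals_setting(config_text)
    if state is None:           # no directive: default is Off since 4.2.0, On before
        return major_minor < (4, 2)
    return state


if __name__ == "__main__":
    for name, text in (("php.ini", SAMPLE_INI), (".htaccess", SAMPLE_HTACCESS)):
        print(name, "exposed on PHP 5.3.10:", is_exposed(text, "5.3.10"))
```

Run it against every configuration layer that applies to the site, since a per-directory directive can turn the setting on even when php.ini has it off.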
August 29th, 2012 at 2:11 am [...] Original article found at: http://blog.developer.mindtouch.com/2012/08/28/security-vulnerability/ [...]