1 (edited by snapsolutions 2005-07-05 02:03)

Topic: PHP Blogging Apps Vulnerable to XML-RPC Exploits

Many popular PHP-based blogging, wiki and content management programs can be exploited through a security hole in the way PHP programs handle XML commands. The flaw allows an attacker to compromise a web server, and is found in programs including PostNuke, WordPress, Drupal, Serendipity, phpAdsNew, phpWiki and phpMyFAQ, among others.

The flaw affects the XML-RPC function, which has many uses in web applications, including "ping" update notifications for RSS feeds. PHP libraries that allow applications to exchange XML data using remote procedure calls (RPC) fail to fully check incoming data for malicious commands. The affected libraries, including PHPXMLRPC and Pear XML-RPC, are included in many interactive applications written in PHP.

2

Re: PHP Blogging Apps Vulnerable to XML-RPC Exploits

Nucleus CMS was updated already: http://www.nucleuscms.org/item/3032

Re: PHP Blogging Apps Vulnerable to XML-RPC Exploits

What about PunBB?

Re: PHP Blogging Apps Vulnerable to XML-RPC Exploits

PunBB doesn't use XMLRPC and is thus not affected. Some mods might be, though, but I don't recall any using XMLRPC either.