[wp-hackers] 1.5.2

Scott Merrill skippy at skippy.net
Wed Aug 10 01:39:33 GMT 2005

Mark Jaquith wrote:
> The issue at hand is register_globals.  The exploit that was recently 
> released requires register_globals to be on.  The code that was recently 
> committed to WordPress will disable register_globals, which should 
> protect us against these types of attacks in the future.

register_globals has been strongly discouraged in PHP installations for 
quite some time, now.

Since exploits are all so hush-hush, can some clarify whether my server, 
with "register_globals = off" in php.ini, is vulnerable?

More information about the wp-hackers mailing list