[wp-hackers] 1.5.2
Scott Merrill
skippy at skippy.net
Wed Aug 10 01:39:33 GMT 2005
Mark Jaquith wrote:
> The issue at hand is register_globals. The exploit that was recently
> released requires register_globals to be on. The code that was recently
> committed to WordPress will disable register_globals, which should
> protect us against these types of attacks in the future.
register_globals has been strongly discouraged in PHP installations for
quite some time, now.
Since exploits are all so hush-hush, can some clarify whether my server,
with "register_globals = off" in php.ini, is vulnerable?
More information about the wp-hackers
mailing list