[wp-hackers] Security alert for WP 1.5.1.3
Lorelle VanFossen
lorelle at cameraontheroad.com
Wed Aug 10 13:41:12 GMT 2005
Me no expert, just passing on info.
Security Issue: http://secunia.com/advisories/16386/
WordPress Forum first post: http://wordpress.org/support/topic/41464
DrBacchus says: Nobody should have register_globals enabled. Yes, it's
icky and the bug should be fixed, but the responsibility also lies with
the server admin. register_globals is the devil.
relle DrBacchus: could a plugin turn on the globals?
DrBacchus relle: it can be turned on in a .htaccess file, so,
presumably a plugin could do that.
Fix: In .htaccess add a line for php_flag register_globals off
Lorelle
More information about the wp-hackers
mailing list