NYCPHP Meetup

NYPHP.org

[nycphp-talk] PHP + mod_cgi - serious vulnerability

Chris Snyder chsnyder at gmail.com
Fri May 4 08:28:33 EDT 2012


Is anyone here still running PHP using mod_cgi on Apache?

If so, you need to read this: http://www.php.net/archive/2012.php#id2012-05-03-1

The vulnerability gives an attacker access to your source code, which
may reveal database passwords or implementation details that lead to
further, more serious attacks.

Cheers,

Chris Snyder
http://chxor.chxo.com/



More information about the talk mailing list