The Channel logo


By | John Leyden 1st November 2005 15:38

Shout goes out over PHP security bugs

The script's a killer

Security researchers have identified numerous new vulnerabilities in PHP - the popular, open source web development environment. The critical security flaws create a possible means for hackers to conduct cross-site scripting attacks, bypass certain security restrictions or even (at least potentially) compromise a vulnerable system.

The vulnerabilities are reported to affect PHP versions 4.4.0 and prior. Users are advised to update to version 4.4.1 (release notes here). Most of this batch of PHP security vulnerabilities (summary) were discovered by Stefan Esser, of the Hardened-PHP Project, which has published a series of advisories here.

The security bugs described by the Hardened-PHP Project are yet to be developed into s'kiddie friendly exploits. But the past appearance of PHP-targeting worms, and the damage they caused, really ought to prompt the rapid deployment of security updates. ®

alert Send corrections


Frank Jennings

What do you do? Use manual typwriters or live in a Scottish croft? Our man advises
A rusty petrol pump at an abandoned gas station. Pic by Silvia B. Jakiello via shutterstock

Trevor Pott

Among other things, Active Directory needs an overhaul
Baby looks taken aback/shocked/affronted. Photo by Shutterstock

Kat Hall

Plans for 2 million FTTP connections in next four years 'not enough'
Microsoft CEO Satya Nadella


Suit-and-tie-wearing man tries to meditate, take deep breaths in faux yoga pose. Photo by Shutterstock
Emotional intelligence, not tech skills, is the way to woo suits
League of gentlemen poster - Tubbs and Edward at the local shop. Copyright BBC
One reselling man tells his tale of woe