XML_RPC Remote PHP Code Injection Vulnerability - Wikitech-l - lists.wikimedia.org

List overview All Threads
Download

XML_RPC Remote PHP Code Injection Vulnerability

{{CURRENTTIME}} ? How to make +2 ?

Lien RSS "encyclopéde"

Neil Harris

25 Aug 2005 25 Aug '05

8:59 p.m.

Does this PHP XML_RPC implementation vulnerability affect MediaWiki at all?

http://www.hardened-php.net/advisory_142005.66.html

-- Neil

Reply

Show replies by date

Brion Vibber

26 Aug 26 Aug

12:29 a.m.

Neil Harris wrote:

Does this PHP XML_RPC implementation vulnerability affect MediaWiki at all?

http://www.hardened-php.net/advisory_142005.66.html

MediaWiki does not use PEAR::XML_RPC or any of its relatives; thus no stock MediaWiki installation is vulnerable to any problems in PEAR::XML_RPC.

The MWSearch extension does use the PEAR::XML_RPC _client_ (not the server) code to send updates to the C#-based search server; that's a) for use on an internal network and b) probably not used by anybody out there except Wikimedia at this stage (it's in a somewhat experimental state still).

-- brion vibber (brion @ pobox.com)

Reply

7051

Age (days ago)

7051

Last active (days ago)

wikitech-l@lists.wikimedia.org

1 comments

2 participants

tags (0)

participants (2)

Brion Vibber
Neil Harris