If Your PHP CMS Uses XML-RPC, Turn it Off, Now

Source Title:
PHP Blogging Apps Vulnerable to XML-RPC Exploits

A word of warning for those of you using Drupal, WordPress and other blog/CMS systems that use XML-RPC: a vulnerability has been found that could leave your server open to attack.

The flaw affects the XML-RPC function, which has many uses in web applications, including "ping" update notifications for RSS feeds. PHP libraries that allow applications to exchange XML data using remote procedure calls (RPC) fail to fully check incoming data for malicious commands. The affected libraries, including PHPXMLRPC and Pear XML-RPC, are included in many interactive applications written in PHP.

Comments

for clarification

Just for clarification, it is only PHP, and not CMS / blogs etc. in other languages, that is affected.

Seems WP is OK if....

...you are on v. 1.5.1.2 or above

http://wordpress.org/support/topic/38296

They strongly disagree that this exploit affects them. They had a similar but unique XMLRPC exploit of their own. Err ok...
