All releases up to and including version 1.0 of XML-RPC for PHP have a
serious security vulnerability, allowing hostile remote clients or
servers to execute arbitrary code on your machine.
It is of critical importance that if you run an XML-RPC server or client
using the XML-RPC for PHP code that you update immediately. Both client
and server installations are affected by this flaw. The file you need
to replace is "xmlrpc.inc"
New code, version 1.01, can be downloaded from SourceForge:
https://sourceforge.net/project/showfiles.php?group_id=34455
I am indebted to Dan Libby for informing me of this security flaw.
May I remind users that, as licensed, the code comes with absolutely no
warranty at all. If you intend to use this code the responsibility for
auditing it rests with you.
-- Edd
Having problems with message search?
Fill out this form to ensure your group is one of the first to be migrated to the new message search system.
Send Email