[nycphp-talk] PHP + mod_cgi - serious vulnerability
Chris Snyder
chsnyder at gmail.com
Fri May 4 08:28:33 EDT 2012
Is anyone here still running PHP using mod_cgi on Apache?
If so, you need to read this: http://www.php.net/archive/2012.php#id2012-05-03-1
The vulnerability gives an attacker access to your source code, which
may reveal database passwords or implementation details that lead to
further, more serious attacks.
Cheers,
Chris Snyder
http://chxor.chxo.com/
More information about the talk
mailing list