On 08/26/2010 03:29 AM, Keith Roberts wrote: > register_globals is supposed to be off by default - so that > should stop any global variables being injected.
Doesn't matter. The vulnerability discussed is one where a PHP application actually takes the name of a file as input from the client. If your application does that and does not sanitize the path then it ends up vulnerable to code injection from the user. _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
