Hello MapLab users ...
We have just received notification via bugtraq of a potential Remote
File Inclusion Vulnerability in MapLab 2.2.1:
http://www.securityfocus.com/archive/1/464462/30/0/threadedThe problem exists in GMapFactory/params.php and potentially allows a
malicious user to include a remote file into the php script, which
can then execute any arbitrary PHP code.
The problem can be mitigated by ensuring that 'register_globals' is
turned off in your php configuration file (php.ini).
We will also be providing a source code patch to the affected file(s)
to remove the vulnerability.
Cheers
Paul
+-----------------------------------------------------------------+
|Paul Spencer
pspencer@... |
+-----------------------------------------------------------------+
|Chief Technology Officer |
|DM Solutions Group Inc
http://www.dmsolutions.ca/ |
+-----------------------------------------------------------------+
_______________________________________________
Maplab-users mailing list
Maplab-users@...
http://lists.maptools.org/mailman/listinfo/maplab-users
