By
First released November 19, 2008
Cover image for post PEAR::XML_RPC - Security vulnerability!

PEAR::XML_RPC - Security vulnerability!

2008-11-19

Tobias Schlitt

As already mentioned, a huge bunch of PHP based applications have a security issue in their XML-RPC implementations. This also applied to PEAR::XML_RPC. If you are using this package, it's more than recommended to upgrade to the new version 1.3.1, which fixes the named issue. If you have your own or are using another ones XML-RPC implementation, please check immediatly if the issue exists there, too! There are several example exploits around the web, so take this issue seriously!

As already mentioned, a huge bunch of PHP based applications have a security issue in their XML-RPC implementations. This also applied to PEAR::XML_RPC. If you are using this package, it's more than recommended to upgrade to the new version 1.3.1, which fixes the named issue. If you have your own or are using another ones XML-RPC implementation, please check immediatly if the issue exists there, too! There are several example exploits around the web, so take this issue seriously!

Thanks to Stefan Esser for the info and the patch for PEAR::XML_RPC!