Forums

WordPress › Support » WP-Advanced

[resolved] New security issue in 2.06!!! (6 posts)

  1. timelf123
    Member
    Posted 5 years ago #

    http://milw0rm.com/exploits/3109
    Don't know if this is the right place for this, but here is a new trackback exploit for 2.06 already!

  2. timelf123
    Member
    Posted 5 years ago #

    can someone please tell me when this is going to be fixed?!
    i contacted the author and he said the fix was

    "the fix is... don't use unset() if you know that is vulnerable on your system, but just $somevariable="";"

  3. drmike
    Member
    Posted 5 years ago #

    There's already a thread about this as well as discussion on the mailing lists about it.

    http://wordpress.org/support/topic/100043

  4. Mark Jaquith
    WordPress Lead Dev
    Posted 5 years ago #

    This issue has been fixed by 2.0.7

    My solution was to set to NULL before unsetting. We do unregistering of globals in wp-settings.php, so only one line needed to change.

  5. carjunky
    Member
    Posted 5 years ago #

    Its nice to see that the wordpress crew gets things done very fast. How are things running in 2.10?

  6. moshu
    Member
    Posted 5 years ago #

    You mean 2.1? (since there is no 2.10)

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags