PHP

1 readers

2 users here now

founded 2 years ago

submitted 9 months ago by [email protected] to c/[email protected]

1 comments fedilink hide all child comments

Like many worldwide, the recent ownCloud vulnerabilities got us worried as security professionals and tool authors. According to this blog, the vulnerability was caused by a test file in the vendor directory.

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 1 points 9 months ago

@symfonystation The real issue here is that too many PHP applications are not configured to work with a single PHP entrypoint, instead, they enable any dot php file to be served. This is criminal often, specially on nginx where you can't ship these rules like Apache (an .htaccess file on web root) and users share their own rules without realizing the hazardous conditions.

permalink
fedilink
source