this post was submitted on 25 Jan 2024

PHP


Like many worldwide, the recent ownCloud vulnerabilities got us worried as security professionals and tool authors. According to this blog, the vulnerability was caused by a test file in the vendor directory.

[email protected] 1 points 9 months ago

@symfonystation The real issue here is that too many PHP applications are not configured to work with a single PHP entrypoint; instead, they enable any dot php file to be served. This is often criminal, especially on nginx, where you can't ship these rules like Apache (an .htaccess file on web root) and users share their own rules without realizing the hazardous conditions.
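
The contrast the comment describes, as an added nginx example that is not part of the original thread or any project's shipped configuration: a catch-all `.php` handler next to a single-entrypoint setup. Server names, the document root and the PHP-FPM socket path are assumptions.

```nginx
# Constructed example; server names, root and socket path are assumptions.

# Weak: every *.php file under the web root is handed to PHP-FPM,
# including stray files such as tests shipped inside vendor/.
server {
    listen 80;
    server_name weak.example.test;
    root /var/www/app;              # whole project, vendor/ included

    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/run/php/php-fpm.sock;
    }
}

# Single entrypoint: only public/index.php is ever executed.
server {
    listen 80;
    server_name app.example.test;
    root /var/www/app/public;       # vendor/ sits outside the web root

    location / {
        # Serve static files directly, route everything else to the front controller.
        try_files $uri /index.php$is_args$args;
    }

    location ~ ^/index\.php(/|$) {
        include fastcgi_params;
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        fastcgi_param DOCUMENT_ROOT $realpath_root;
        fastcgi_pass unix:/run/php/php-fpm.sock;
        internal;                   # reachable only via try_files, not by direct URL
    }

    # Any other .php path is refused rather than executed or served as source.
    location ~ \.php$ {
        return 404;
    }
}
```

Because nginx uses the first matching regex location, the `index.php` block must stay above the catch-all `return 404` block.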