John
Wed 27th Feb '02, 7:07pm
We have recently learnt of a security issue with file upload support in PHP. More details can be found in this advisory:
http://security.e-matters.de/advisories/012002.html
Please make sure that your host upgrades immediately, as all PHP scripts, regardless of their use of file uploads, are vulnerable to these issues.
John
[edit: Please note, many hosts are upgrading to PHP 4.1.2 because of this issue. However, from PHP 4.1 and above, the "register_globals" PHP setting now defaults to "off". This setting needs to be set to "on" in order for vBulletin (and many other PHP applications) to function properly. If this setting is "off", you will receive "no forum specified error" when using vBulletin. Please read more about this here: http://www.vbulletin.com/forum/showthread.php?s=&threadid=40721]
http://security.e-matters.de/advisories/012002.html
Please make sure that your host upgrades immediately, as all PHP scripts, regardless of their use of file uploads, are vulnerable to these issues.
John
[edit: Please note, many hosts are upgrading to PHP 4.1.2 because of this issue. However, from PHP 4.1 and above, the "register_globals" PHP setting now defaults to "off". This setting needs to be set to "on" in order for vBulletin (and many other PHP applications) to function properly. If this setting is "off", you will receive "no forum specified error" when using vBulletin. Please read more about this here: http://www.vbulletin.com/forum/showthread.php?s=&threadid=40721]