| « Editing permissions | SQL injection vulnerability » |
XML-RPC vulnerability
2005-07-05
15:50:29, by Francois Planque 
, 121 words 
Categories: Critical, Version 0.8.7 "Cream", Version 0.8.9 "Spring", Other versions, Version 0.8.6.2 "Snow", Version 0.9.0.3 "Europe", Version 0.9.0.5 "Berlin", Version 0.9.0.8 "Oslo", Version 0.9.0.9 "Madrid", Version 0.9.0.11 "Paris", Version 0.9.0.10 "Copenhagen", Version 0.9.0.12 "Amsterdam"
XML-RPC vulnerability
A critical security issue has been discovered in the XML-RPC for PHP that most applications use, including b2evolution.
It is highly recommended you fix you installation by downloading this patch file and unzipping it into you /blogs/b2evocore/ folder. This should overwrite the two following files:
- _functions_xmlrpc.php
- _functions_xmlrpcs.php
UPDATE: The authors of the XML-RPC library have released a new version. The previous one may not be sufficiently secure. Thus there is a new patch file available for b2evolution. It must be installed in the exact same manner.
This patch has been tested on the latest 0.9.0.12 "Amsterdam" release but is believed to work on all 0.9.0.x versions.
The patch will be included in future releases.
