Fix for XML-RPC vulnerability

Posted by on Jul 05, 2005 in Security info

A critical security issue has been discovered in the XML-RPC for PHP that most applications use, including b2evolution.

It is highly recommended you fix you installation by downloading this patch file and unzipping it into you /blogs/b2evocore/ folder. This should overwrite the two following files:

  • _functions_xmlrpc.php
  • _functions_xmlrpcs.php

This patch has been tested on the latest 0.9.0.12 "Amsterdam" release but is believed to work on all 0.9.0.x versions.

The patch will be included in future releases.

2 comments

Comment from: Sigg3

Sigg3

This is exclusively b2evolution, or are we talking about a vulnerability for b2 (original) as well?

2005-07-08 @ 15:46

Comment from:

This also affects the original b2 as well as most other PHP blog tools.
In addition the original b2 has a lot more security issues that remain unfixed.
This is one of the reasons we have ‘evolution’! :P

2005-07-08 @ 17:09