Fix for XML-RPC vulnerability
Posted by fplanque on Jul 05, 2005 in Security info
A critical security issue has been discovered in the XML-RPC for PHP that most applications use, including b2evolution.
It is highly recommended you fix you installation by downloading this patch file and unzipping it into you /blogs/b2evocore/ folder. This should overwrite the two following files:
This patch has been tested on the latest 0.9.0.12 "Amsterdam" release but is believed to work on all 0.9.0.x versions.
The patch will be included in future releases.
Comment from: fplanque Member
This also affects the original b2 as well as most other PHP blog tools.
In addition the original b2 has a lot more security issues that remain unfixed.
This is one of the reasons we have ‘evolution’! :P
This is exclusively b2evolution, or are we talking about a vulnerability for b2 (original) as well?