php+cgi security vulnerability
This is an open discussion with 2 replies, filed under General.
Search
Wow. That is some powerful shit. Luckily mod_cgi is not very widely used anymore, otherwise this would be very painful.
I found out about this via an email from the Hiawatha webserver mailing list, which @bzerangue put me onto. Apparently even if you were to use PHP CGI, you're not vulnerable with Hiawatha.
Create an account or sign in to comment.
gentlemen,
a heads up if your web setup uses mod_cgi instead of mod_php:
from what i understand, some shared hosts use cgi to allow for php to run as the user so please test your setup and alert your web host if you are vulnerable.
source: php news archive