I came across this which suggests that it's a PHP issue. I noticed cp35 uses 4.3.4. Does anyone know what the deal is and how I should proceed?
Once the PHP gets updated on cp35 I should be able to juist restore my backup PhPBB, right? or do I have to upgrade to the latest phpbb. I have tons of mods and don't want to have to go that route if possible.
Can anyone shed any light on this issue?
Thanks!!!
-----------------------------------------------------------------
Recently a serious exploitable issue was discovered in PHP (the scripting language in which phpBB, IPB, vB, etc. are written) versions prior to 4.3.10. The problematical functions include unserialize and realpath. phpBB (along with a great many other scripts including IPB, vB, etc.) use these two functions as a matter of course.
It has come to our attention that code has now been released which uses this exploit in PHP to obtain confidential information in phpBB. Such information includes data contained in phpBB's config.php file. We therefore recommend the following:
1) If you maintain your own server be sure to upgrade to the newest available release of PHP (both versions 4 and 5). Be aware that at this time phpBB 2.0.x has problems functioning under PHP5 without modification.
2) If you pay for hosting ensure you hosting provider has upgraded thier installation of PHP (again remember that phpBB 2.0.x and other scripts will not function under PHP5 without modification).
Fixed versions of PHP do exist and as above we encourage you to ensure your system is running such a version. Equally please examine any "hacking" issues you have carefully to ensure they are not caused by this PHP problem (rather than phpBB). Remember, this is not a phpBB exploit or problem, it's a PHP issue and thus can affect any PHP script which uses the noted functions
Once the PHP gets updated on cp35 I should be able to juist restore my backup PhPBB, right? or do I have to upgrade to the latest phpbb. I have tons of mods and don't want to have to go that route if possible.
Can anyone shed any light on this issue?
Thanks!!!
-----------------------------------------------------------------
Recently a serious exploitable issue was discovered in PHP (the scripting language in which phpBB, IPB, vB, etc. are written) versions prior to 4.3.10. The problematical functions include unserialize and realpath. phpBB (along with a great many other scripts including IPB, vB, etc.) use these two functions as a matter of course.
It has come to our attention that code has now been released which uses this exploit in PHP to obtain confidential information in phpBB. Such information includes data contained in phpBB's config.php file. We therefore recommend the following:
1) If you maintain your own server be sure to upgrade to the newest available release of PHP (both versions 4 and 5). Be aware that at this time phpBB 2.0.x has problems functioning under PHP5 without modification.
2) If you pay for hosting ensure you hosting provider has upgraded thier installation of PHP (again remember that phpBB 2.0.x and other scripts will not function under PHP5 without modification).
Fixed versions of PHP do exist and as above we encourage you to ensure your system is running such a version. Equally please examine any "hacking" issues you have carefully to ensure they are not caused by this PHP problem (rather than phpBB). Remember, this is not a phpBB exploit or problem, it's a PHP issue and thus can affect any PHP script which uses the noted functions
Comment