coppermine-gallery.com/forum

Dev Board => cpg1.4 Testing/Bugs => cpg1.4 Testing/Bugs: FIXED/CLOSED => Topic started by: tuxsoul on March 09, 2007, 07:32:39 PM

Title: [bug] Remote include file ....
Post by: tuxsoul on March 09, 2007, 07:32:39 PM
Hi, I see a new bug report on SecurityFocus, can the developers check please :)

http://www.securityfocus.com/archive/1/462322/30/0/threaded
Title: Re: [bug] Remote include file ....
Post by: Joachim Müller on March 09, 2007, 08:27:27 PM
Valid report, moving to bugs section. Needs looking into, please stay tuned for the fix.
Title: Re: [bug] Remote include file ....
Post by: Nibbler on March 09, 2007, 09:10:38 PM
There are no vulnerabilities here, seems to be the result of an automated code scanner.
Title: Re: [bug] Remote include file ....
Post by: Joachim Müller on March 10, 2007, 12:35:17 PM
Imo there are vulnerabilities on certain, insecure server setups, with the vars in the URL not being defined within the script under all circumstances. Best practice is to define all vars used, particularly those that are being used as a path or the ones sent to the shell using exec.
The fixes for the vulnerabilities are easy: just add $cmd = ''; and similar to the top of the pages that are being mentioned.
Imo this should be fixed, and yes, they even justify a maintenance release imo.
Title: Re: [bug] Remote include file ....
Post by: Nibbler on March 10, 2007, 01:26:21 PM
Well that is what they scanned for, but I didn't find any cases which were actually exploitable. They were contained within functions so no injected variables would be in scope. I agree they should be fixed but I don't think it warrants a release unless the flaws can actually be abused. Maybe I missed something.
Title: Re: [bug] Remote include file ....
Post by: Joachim Müller on March 11, 2007, 11:06:57 AM
Yes, they reside within functions, you're right.
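
The scoping point discussed in this thread, as an added example that is not part of the original posts and is not Coppermine code. It assumes a server that imports request parameters into the global scope (emulated here, since register_globals was removed in PHP 5.4); the function names and the sample value are hypothetical.

```php
<?php
// Constructed request parameters, standing in for ?cmd=... in the URL.
$request = ['cmd' => 'REQUEST-SUPPLIED'];

// Stand-in for register_globals = On: every request parameter becomes a
// global variable before the script body runs.
function emulate_register_globals(array $params): void
{
    foreach ($params as $name => $value) {
        $GLOBALS[$name] = $value;
    }
}

// Hypothetical helper: $cmd is a local that is never assigned. Globals are
// not visible inside a function, so the request value cannot reach it.
function local_scope(): string
{
    return $cmd ?? '(unset)';
}

// Hypothetical helper that opts into the global scope. This is the pattern
// a code review should look for, because here the request value is visible.
function global_scope(): string
{
    global $cmd;
    return $cmd ?? '(unset)';
}

emulate_register_globals($request);

$results = [
    'top-level, uninitialised' => $cmd ?? '(unset)',
    'inside function'          => local_scope(),
    'function using global'    => global_scope(),
];

// The fix proposed in the thread: define the variable before first use.
$cmd = '';
$results['top-level, after fix']             = $cmd;
$results['function using global, after fix'] = global_scope();

foreach ($results as $case => $value) {
    printf("%-34s %s\n", $case, var_export($value, true));
}
```

When auditing scanner findings of this kind, the cases that matter are uninitialised variables used at the top level of a script and functions that pull them in through `global` or `$GLOBALS`.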