By John Gruber

• Archive
• The Talk Show
• Dithering
• Projects
• Contact
• Colophon
• Feeds / Social
• Sponsorship

Netcraft: PHP Blogging Apps Vulnerable to XML-RPC Exploits

Yikes; a slew of PHP weblog / CMS software packages, including WordPress, PostNuke, and Drupal, are vulnerable to bugs in the standard PHP XML-RPC libraries that allow attackers to execute arbitrary PHP code on the server.

★ Tuesday, 5 July 2005