[TYPO3-dev] Is the rtehtmlarea vulnerability solved if you disable shell_exec()?
Jonas Dübi
admin at commandline.ch
Thu Dec 21 10:40:55 CET 2006
Hello
Even though the function "shell_exec()" is disabled on our servers,
typo3 works properly.
Now I played around with the vulnerability a little bit and I'm nearly
shure that there is no way to exploit it, if the shell_exec() function
is disabled.
I realy wanna be shure about this so I ask this question here:
Is the vulnerability exploitable if the shell_exec() function is
disabled within the php.ini?
That would be a great quick solution if you have a lot of projects on
your servers, and need some weeks to update them all properly, isn't it?
Grettings from switzerland
Jonas
More information about the TYPO3-dev
mailing list