Recent WordPress vulns and the Open Source Vuln DB

Thu, 12 May 2011 22:52:43 +0000

There’s been too many WordPress vulnerabilities for my liking. Fortunately they seem to be quick to patch but software updates are always a pain. How long before everyone starts to adopt Chrome’s auto update feature?

Luckily, I’m a fan of the Open Source Vuln Database which makes staying on top of security updates that matter to you easy. Using the OSVDB is as simple as creating an account and search alerts for any software you’re interested in. Here’s what I recently received regarding WP:

Osama, new or updated vulnerabilities that match your search watch list have been foundSEARCH ID: 14

OSVDB_ID: 72173
URL: http://osvdb.org/show/osvdb/72173

Title: WordPress Arbitrary File Upload
Disclosure Date: Apr 26, 2011Description: WordPress fails to properly validate uploaded files, allowing a remote attacker to upload a .phtml file with an appended extension (such as .gif) to execute arbitrary PHP code.

Drupal Upgrade Procedure

Fri, 29 May 2009 21:07:36 +0000

Drupal is a content management system — you can think of it as WordPress on steroids.

I would like to say that Drupal is majorly lacking in its upgrade procedure. The Drupal upgrade procedure is stone age. Security advisories seem frequent (good or bad?) which force the need to upgrade.

Who the hell has a 13 step upgrade procedure anymore? With WordPress the update can be handled with a few button clicks from the admin interface. Drupal requires you to FTP into your site….and it doesn’t end there…

I think we need to get a discussion started about whether or not frequent security advisories is a positive or negative. I can think of arguments for both sides.

System7 » wordpress

Recent WordPress vulns and the Open Source Vuln DB

Drupal Upgrade Procedure