|
|
|
|
|
|
by nicksantamaria
2980 days ago
|
|
|
The fact that php.module ever existed in the codebase is a downright travesty. As soon as any privileged user was compromised (i.e. someone with "administer users" or "administer site configuration" permissions) the attacker had arbitrary remote code execution. My projects had a patch to remove that entire module from core on each build. |
|
|