Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PHP Exploit Warning #55

Open
superflausch opened this issue Dec 22, 2022 · 3 comments
Open

PHP Exploit Warning #55

superflausch opened this issue Dec 22, 2022 · 3 comments
Labels
question

Comments

@superflausch
Copy link

Our hosting provider scans their servers for known exploits from time to time. warned us about a know exploit and blocked access to the following file within color-thief-php:

src/ColorThief/Image/Adapter/AbstractAdapter.php

The reason given is

# Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P2128]]

Did anyone else noticed this as well? Anything we can do? Or can this be updated/fixed in the lib?

Cheers.
@ksubileau
Copy link
Owner

ksubileau commented Dec 22, 2022
edited
Loading

A bit difficult to analyze with so few details, but have you checked the integrity of all the library code files?
Do you have a way to contact your hosting provider to get more details ?

@NOSSKosh
Copy link

Hi @ksubileau

I have received the exact same message from my hosting provider this weekend. No further details provided.
Any news on this?

@jschlier
Copy link

I can imagine this being caused by calling file_get_contents on a "user-input" URL.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@superflausch @ksubileau @jschlier @NOSSKosh