Opened 8 months ago

Last modified 8 months ago

#2879 new enhancement

Update Php in Repositoryadmin

Reported by: gpewr Owned by: jng
Priority: medium Milestone: 4.0
Component: Server Version:
Severity: major Keywords: php, security, vulnerability
Cc: External ID:

Description

The php version of repositoryadmin at c:\program files\osgeo\mapguide\server\repositoryadmin\php.exe is version 5.0.5.0, which has 132 security risks.

Modern vulnerability scanners will recognize this and report it. It will no longer be possible to use Mapguide in a professional environment.

Change History (1)

comment:1 by jng, 8 months ago

Owner: set to jng

I had a quick glance at what the actual .php scripts actually do that requires such an ancient PHP executable to have to be included and found out that for the most part that they are nothing more than wrapping around commands to the pre-existing dbxml executables under server/bin to do backup and restore operations!

So in light of that, in addition to ripping out this PHP executable, we should also rip out all the .php scripts and just refactor the calling .bat/.sh files to do this directly themselves.

Note: See TracTickets for help on using tickets.