Advertisement:

Author Topic: Security problem with SMF 2.0.15 + PHP 7.0/ 7.1  (Read 1790 times)

Offline lwiz

  • Semi-Newbie
  • *
  • Posts: 20
Security problem with SMF 2.0.15 + PHP 7.0/ 7.1
« on: November 18, 2018, 05:14:23 PM »
If for some reason database is out of action, SMF 2.0.15 spits out the database username and password for everyone to see who opens the SMF board URL.

Caught this during a larger server update and luckily, as I was then able to change both quickly, but this is an extreme security issue.

-L

Offline Illori

  • Project Manager
  • SMF Legend
  • *
  • Posts: 51,618
Re: Security problem with SMF 2.0.15 + PHP 7.0/ 7.1
« Reply #1 on: November 18, 2018, 05:29:03 PM »
that is what php does, SMF has no control over php errors.

Offline Looking

  • SMF Hero
  • ******
  • Posts: 2,381
  • SMF Customization
    • jeanborde on Facebook
    • SMF Custom Themes & Custom Coding
Re: Security problem with SMF 2.0.15 + PHP 7.0/ 7.1
« Reply #2 on: November 18, 2018, 06:19:39 PM »
Hide all errors?

Offline lwiz

  • Semi-Newbie
  • *
  • Posts: 20
Re: Security problem with SMF 2.0.15 + PHP 7.0/ 7.1
« Reply #3 on: November 18, 2018, 06:24:21 PM »
Yeah pilot error here, had the errors setting left to shown after a late night testing session I guess :/

Jumped the gun though as I saw someone else telling the same problem with their board, so not the only one then having bit iffy php.ini

-L