Xu Keqian wrote:
> this bug may be using by hostility person. It's a hidden trouble.
Let me jump in and say that this is probably not directly related to
m0n0wall. It is more likely a problem with mini_httpd or php, if it is
indeed a problem. In order for someone to exploit this problem, they
would need to have access to the webGUI. They first need to get on the
inside of your network and then they need the management password. If
PHP works the same way ASP and IIS does, then the script interpreter is
not invoked until authentication has occured.
DaytonaWAN Networks, Inc.