tinify/tinify-php

PHP Exploit Warning

superflausch opened this issue · 2 comments

Our hosting provider scans their servers for known exploits from time to time. They warned us about a known exploit and blocked access to the following file within minify-php:

test/integration.php

The reason given is

# Known exploit = [Fingerprint Match (fp)] [PHP RFI Exploit [P2060]]

Did anyone else notice this as well? Anything we can do? Or can this be updated/fixed in the lib?

Cheers.

Hi Superflausch,

That sounds bad. Since the tinify PHP package is produced from this repository, the code should be visible here.

It is probably a false positive. Do you have any more information on the software that reports the exploit? We would like to have some more information on what detects it, and why. And if it is a false positive, we need to implement some mitigations.

Could you also send the test/integration.php file that got reported by your hosting provider to support@tinify.com?

Closing this issue because we haven't heard anything back. There is nothing we can do at this time.

Feel free to reopen.