digip Posted October 4, 2007 Share Posted October 4, 2007 I am working on a site that by default came with PHP Version 4.3.11 on a godaddy account. It was initially a windows server and the MySql was not working, so I told the user to have GoDaddy upgade him to a dedicated server with Linux, Apache, Latest PHP and MySql. Now, they did some of the upgrades, like move him to Linux and Apache. MySql is version 5.0 so I am assuming that is pretty decent, but for some reason it is still using outdated PHP Version 4.3.11. What kinds of risks is he taking if he leaves this in place(considering they do not support it anymore and will stop downloads of 4.4 after thn new year). I have not yet created any databases and have only used PHP to write out text files for page data, none of which are viewable through the page. Is it possible with this version of PHP being installed for anyone to be able to inject code into his pages that end in PHP. I see a lot of vulnerabilities listed for certain things that mostly pertain to MySql injection and curl vuln's, but since I am not using MySql at this point, is his site at risk? I am not too familiar with PHP yet and I already told him to have them make sure to upgrade it to at least PHP 5, but we have no control over what they change on the backend. I think their default install of PHP is always 4.3.11, so if there is any problems, any GoDaddy site with PHP will probably be at risk. Not that I care about any other sites other than the one I am working on, but shouldn't a company like GoDaddy be up to date on these things? I do not have shell access to do anything, and even if I did, I wouldn't know how to go about upgrading it myself through the console, but is it possible for me to upgrade it using PHP itself? Is there a script that can automate the upgrade or replace the current version to the latest package? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.