Quite some time ago, there was a Gmail security hole where a security researcher managed to produce a link that, if you clicked on it, showed you the Gmail login screen along with a form stating that Gmail would become a paid service, but that if you paid ten dollars you could get lifetime access. Of course, the form led nowhere, because this guy was a security researcher, not a bad guy. Imagine the same link spread through spam, which has about a 0.01-02% click-through rate -- for ten million emails, that's a few tens of thousands of dollars earned without serious effort. Whether you will be sued or not if something like this occurs is anyone's guess. I am unaware of anyone dragged to court because of a security hole, but sooner or later it will happen.
A privilege escalation might lead to information disclosure. If you run something as innocent as a kids' educational site, you are likely holding records of minors, and a disclosure of those might mean serious trouble.
If you keep going without applying security patches, then somewhere down the line you will miss one that lets people run arbitrary PHP code. Here, a restore does help, but it can be way too late. Your site might have been running a spambot for some time. Or what about hosting copyright-infringing content? Let's recall a snide warning from an RIAA attorney: "You don't want to have another visit with a dentist like me."