[VIM] Jupiter CMS file include - CVE dispute
Steven M. Christey
coley at mitre.org
Mon Aug 28 18:33:56 EDT 2006

Researcher: "D3nGeR"

Ref: BUGTRAQ:20060825 Jupiter CMS 1.1.5 index.php Remote File Include
http://www.securityfocus.com/archive/1/archive/1/444421/100/0/threaded

D3nGeR includes the following code snippet:

    $template = "default";
    include "templates/$template/id.php";

Looks like the good ol' grep-and-gripe.

I downloaded the code, and while $template is used heavily, it's set
to constant values or (probably) admin-controlled configuration
values.

So, CVE disputes this.

- Steve
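
Added example (not part of the original post, and not Jupiter CMS code): a first-pass triage script for the check described above, reporting where each variable used in an include path was last assigned. The helper names and every sample line other than the two quoted from D3nGeR's report are assumptions made for illustration.

```python
import re

# Lines 2-3 are the snippet quoted in the post; every other line is
# constructed here for contrast and is not Jupiter CMS code.
SAMPLE_PHP = '''<?php
$template = "default";
include "templates/$template/id.php";
$skin = $config['skin'];
include "skins/$skin/header.php";
$page = $_GET['page'];
include "pages/$page.php";
include "lang/$lang/strings.php";
'''

INCLUDE = re.compile(r'\b(?:include|require)(?:_once)?\b(.*);')
ASSIGN = re.compile(r'^\s*\$(\w+)\s*=(?!=)\s*(.+?);\s*$')
VAR = re.compile(r'\$(\w+)')
LITERAL = re.compile(r'''^(?:"[^"$]*"|'[^']*'|\d+)$''')
SUPERGLOBALS = {"_GET", "_POST", "_REQUEST", "_COOKIE"}


def classify(rhs):
    """Label the right-hand side of an assignment by where its value comes from."""
    if LITERAL.match(rhs):
        return "constant"
    if any(v in SUPERGLOBALS for v in VAR.findall(rhs)):
        return "request"
    return "unknown"  # e.g. a configuration value: needs manual tracing


def triage(source):
    """Return (line, variable, origin) for each variable in an include path.

    Hypothetical single-file, top-to-bottom heuristic: it ignores branches,
    functions and other files, so "unknown"/"unassigned" mean "read the code".
    """
    origin = {}  # variable -> origin of its most recent assignment
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        assign = ASSIGN.match(line)
        inc = INCLUDE.search(line)
        if assign:
            origin[assign.group(1)] = classify(assign.group(2).strip())
        elif inc:
            for var in VAR.findall(inc.group(1)):
                where = "request" if var in SUPERGLOBALS else origin.get(var, "unassigned")
                findings.append((lineno, var, where))
    return findings
```

A "constant" result matches the case the post describes, where the variable is fixed before the include; "unknown" and "unassigned" results still need the surrounding code and configuration read by hand.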