[VIM] Vendor dispute - CVE-2006-5840 (abarcar Realty Portal)

Steven M. Christey coley at mitre.org
Thu Dec 7 16:51:38 EST 2006


Researchers: Laurent Gaffié and Benjamin Mossé

The vendor disputed this issue to CVE via e-mail, stating that:

 - version 5.1.5 had been discontinued in 2003

 - 6.xx was discontinued in early 2006

 - the current version only does static pages without parameters

 - "the parameter 'slid' and the file 'slistl.php' never existed in
   any abarcar Realty Portal version"

 - questions to the original researchers were not answered.


There was no statement regarding whether the discontinued versions
were subject to the newsdetails.php/neid vector.

I don't have any additional analysis.

- Steve


More information about the VIM mailing list