[VIM] [Bogus - partly] V TLM CMS <= 1.1 (i-accueil.php chemin) Remote File Include Vulnerability (fwd)
str0ke
str0ke at milw0rm.com
Fri Jan 12 15:38:55 EST 2007
Rob,
I didn't even see the i-index.php mentioned in his short advisory.
Removed the 50 percent that wasn't working.
/str0ke
On 1/12/07, rkeith at securityfocus.com <rkeith at securityfocus.com> wrote:
> http://www.milw0rm.com/exploits/3118
>
> Half of this is bogus. In i-index.php the $chemin parameter is clearly
> defined. However in the i-accueil.php script this appears legit.
>
> In i-index.php:
> Line 12: $chemin = "." ;
>
> --
> Rob Keith
> Symantec
>
More information about the VIM
mailing list