[VIM] Sitellite CMS <= 4.2.12 (559668.php) Remote File Inclusion Vulnerability
Steven M. Christey
coley at linus.mitre.org
Thu Jun 14 22:27:38 UTC 2007
> FYI: milw0rm 4071 is sort of true -- the RFI flaw does exist, but by
> default there's a .htaccess file in saf/lib/PEAR/PhpDocumentor that
> prevents access to that directory tree.
Also note that at first glance, this might look like an issue in
PhpDocumentor, a separate module, which DOES have the bug-559668.php file;
however, it doesn't have the vulnerable FORUM[LIB] line, so this must have
been added by the Sitellite developer.
- Steve
More information about the VIM
mailing list