[VIM] Sitellite CMS <= 4.2.12 (559668.php) Remote File Inclusion Vulnerability

Steven M. Christey coley at linus.mitre.org
Thu Jun 14 22:27:38 UTC 2007


> FYI: milw0rm 4071 is sort of true -- the RFI flaw does exist, but by
> default there's a .htaccess file in saf/lib/PEAR/PhpDocumentor that
> prevents access to that directory tree.

Also note that at first glance, this might look like an issue in
PhpDocumentor, a separate module, which DOES have the bug-559668.php file;
however, it doesn't have the vulnerable FORUM[LIB] line, so this must have
been added by the Sitellite developer.

- Steve

