[VIM] wrong but true: "webCMS" database disclosure is actually for wabCMS

Steven M. Christey coley at mitre.org
Thu May 31 21:58:10 UTC 2007


"Researcher": the_Edit0r

Reference: BUGTRAQ "webCMS_1.00 Database Disclosure Vulnerabilitiy"


the_Edit0r claims the issue is for "webCMS", but that product is
offered by TYPOlight, is written in PHP, and has no .mdb in sight.

On the other hand, "wabCMS" is offered on the www.thex-machine.com
site as mentioned by the_Edit0r, and has a .mdb file "wabcmsn.mdb"
(not webcmsn.mdb).

How or why "wab" got replaced by "web" is unknown.

SECUNIA:25453 was for wabCMS, and the original CVE analyst noticed the
discrepancy, which led to this analysis.

- Steve


More information about the VIM mailing list