[VIM] CyBoards PHP uncertainties (RFI/path traversal)
Steven M. Christey
coley at linus.mitre.org
Tue Aug 19 19:02:30 UTC 2008
Ref: http://packetstormsecurity.org/0808-exploits/cyboards-rfilfixss.txt
BID:30688
XF:cyboardsphplite-scriptpath-file-include(44474)
Researcher: C r a C k E r
From one of our analysts:
The researcher says CyBoards PHP Lite v1.21 from hotscripts.com. It
is unclear how to download 1.21 from hotscripts.com; apparently only
1.25 is available. For many of the vectors specified by the
researcher, the CVE-2006-2871 VIM discussion applies. Specifically,
if the installation follows the instructions, the include of
include/config.php is a valid include that defines script_path
before use. (On the other hand, if the product were simply extracted
under the web root, it would probably be vulnerable.) Note that,
although default_header.php RFI was fixed in later versions (see the
CVE-2007-1983 VIM reference), the code change in question is not
generally applicable to other files.
- Steve
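Illustrating the point the analyst makes, as an added example (hypothetical PHP, not CyBoards' own code): an include built from `$script_path` is only safe when `include/config.php` has defined that variable first, so the guard below fails closed when the variable is undefined or does not resolve to a local directory under the application root. The file names beyond those mentioned in the post are placeholders.

```php
<?php
// Added illustration, not CyBoards' code. Assumed layout:
//   <app root>/include/config.php    defines $script_path (as the post notes)
//   <app root>/default_header.php    one of the files pulled in via $script_path
//
// Load the configuration from a path anchored to this file, never from a
// variable, so this include itself cannot be redirected elsewhere.
require_once __DIR__ . '/include/config.php';

// Return an absolute, local path for $file under $script_path, or null.
function resolve_local_include(string $file): ?string
{
    global $script_path;

    // Fail closed if config.php did not run, e.g. the archive was simply
    // extracted under the web root instead of following the install steps.
    if (!isset($script_path) || !is_string($script_path)) {
        return null;
    }
    // Reject stream wrappers (http://, ftp://, php://, data:, ...).
    if (preg_match('#^[a-z][a-z0-9+.\-]*:#i', $script_path . $file)) {
        return null;
    }
    // Resolve symlinks and '..', then require the result to stay under
    // the application root; basename() keeps $file to a single component.
    $root = realpath(__DIR__);
    $real = realpath(rtrim($script_path, '/') . '/' . basename($file));
    if ($root === false || $real === false
        || strpos($real, $root . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $real;
}

$header = resolve_local_include('default_header.php');
if ($header === null) {
    http_response_code(500);
    exit('configuration error: script_path is not set to a local directory');
}
include $header;
```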