[VIM] Provable ACK for SPiD lang.php file include
Steven M. Christey
coley at mitre.org
Mon Jul 11 17:04:13 EDT 2005
Ref: SECTRACK:1014437
(CAN-2005-2198 forthcoming)
Changelog:
http://spid.adnx.net/index_en.html#log
The changelog for 1.3.1, which was updated on 2005/07/11, says "Fix
vulnerability in lang.php (For those using 1.3.0, you just have to
copy the new lang/lang.php file over)." A look at lang.php shows that
it exits if $lang_path is set by an HTTP request.
- Steve
More information about the VIM
mailing list