[VIM] Vendor ACK (basically) for Drake CMS RFI (CVE-2006-5767)

Steven M. Christey coley at mitre.org
Tue Dec 26 21:03:15 EST 2006


http://sourceforge.net/forum/forum.php?forum_id=636860

The vendor acknowledges the issue but notes that the product is
regarded as an alpha version:

  "Drake CMS v0.2.2 alpha rev.846 was affected by a possible remote
  file inclusion vulnerability... The vulnerability could be exploited
  only when the PHP host had the register_globals INI setting enabled;
  it has been fixed in subsequent releases... We do not consider
  security reports valid until the first official release of Drake
  CMS."

- Steve

