[VIM] Vendor ACK (basically) for Drake CMS RFI (CVE-2006-5767)
Steven M. Christey
coley at mitre.org
Tue Dec 26 21:03:15 EST 2006
http://sourceforge.net/forum/forum.php?forum_id=636860

The vendor acknowledges the issue but notes that the product is
regarded as an alpha version:

"Drake CMS v0.2.2 alpha rev.846 was affected by a possible remote
file inclusion vulnerability... The vulnerability could be exploited
only when the PHP host had the register_globals INI setting enabled;
it has been fixed in subsequent releases... We do not consider
security reports valid until the first official release of Drake
CMS."

- Steve