[VIM] Older VWar issue reported on vendor web site

Steven M. Christey coley at mitre.org
Wed Mar 29 18:34:49 EST 2006


FYI, the VWar home page at http://www.vwar.de has an item "25.11.2005
... fixed: XSS bug in functions_admin.php which could allow malicious
users to include a (remote) file and eg. execute php commands on the
server hosting vwar ... thanks to Cedric Dubois from
http://www.priorweb.be for reporting this leak."  While referred to as
XSS, it sounds like a file inclusion problem to me.  Though remote URL
inclusion *is* usually about sending scripts from one site to
another... ;-)

- Steve

