[VIM] Older VWar issue reported on vendor web site
Steven M. Christey
coley at mitre.org
Wed Mar 29 18:34:49 EST 2006
FYI, the VWar home page at http://www.vwar.de has an item "25.11.2005
... fixed: XSS bug in functions_admin.php which could allow malicious
users to include a (remote) file and eg. execute php commands on the
server hosting vwar ... thanks to Cedric Dubois from
http://www.priorweb.be for reporting this leak." While referred to as
XSS, it sounds like a file inclusion problem to me. Though remote URL
inclusion *is* usually about sending scripts from one site to
another... ;-)
- Steve