[VIM] CVE dispute - phpMyConferences RFI
Steven M. Christey
coley at mitre.org
Thu Nov 2 20:58:20 EST 2006
Researcher: mfp.c
Issue: phpMyConferences <= 8.0.2 Remote File Inclusion
http://www.securityfocus.com/archive/1/archive/1/450140/100/0/threaded

The referenced code:

# if (!$gloaded_modules[$image_name])
# {
# include($lvc_modules_dir.'/'.$module_name.'.module.php');
# $gloaded_modules[$module_name] = true;
# }

is missing some context, i.e.:

  function insert_cached_module($module_desc)
  {
    ...
    global $lvc_modules_dir;
    ...
    if (!$gloaded_modules[$module_name])
    {
      include($lvc_modules_dir.'/'.$module_name.'.module.php');

Since this include is within a function definition, the claimed
exploit (direct request to library.inc.php) should not work.

I'm unclear on whether a global declaration for a variable within a
function definition is sufficient to override initialization from
things like GET requests, but at best, the direct request to
library.inc.php appears erroneous.
- Steve
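
Added example, not part of the original post and not phpMyConferences code: a triage helper that applies the check made above, reporting whether each variable-based include in a PHP file sits at file top level or inside a function body. The sample source is constructed from the excerpt quoted in the post; classify_includes, SAMPLE and the $top_level_dir line are assumptions added for contrast, and the brace tracking is a heuristic, not a PHP parser.

```python
import re

# Constructed sample modelled on the excerpt quoted in the post. The elided
# parts of the real file are not reproduced; the last line is invented.
SAMPLE = r'''<?php
function insert_cached_module($module_desc)
{
    global $lvc_modules_dir;
    if (!$gloaded_modules[$module_name])
    {
        include($lvc_modules_dir.'/'.$module_name.'.module.php');
    }
}
include($top_level_dir.'/header.php');
'''

# Comments and strings are skipped so braces inside them are not counted.
TOKEN = re.compile(r'''
    (?P<skip>//[^\n]*|\#[^\n]*|/\*.*?\*/|'(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*")
  | (?P<func>\bfunction\b\s*&?\s*(?P<name>\w*))
  | (?P<inc>\b(?:include|require)(?:_once)?\b[^;]*;)
  | (?P<open>\{) | (?P<close>\})
''', re.S | re.X)

def classify_includes(src):
    """Return (line, scope, statement) for each include/require using a variable."""
    depth, pending, stack, found = 0, None, [], []
    for m in TOKEN.finditer(src):
        if m.group('func'):
            pending = m.group('name') or '(anonymous)'
        elif m.group('open'):
            depth += 1
            if pending:                      # this brace opens the function body
                stack.append((pending, depth))
                pending = None
        elif m.group('close'):
            if stack and stack[-1][1] == depth:
                stack.pop()                  # leaving the function body
            depth -= 1
        elif m.group('inc') and '$' in m.group('inc'):
            line = src.count('\n', 0, m.start()) + 1
            scope = 'function ' + stack[-1][0] if stack else 'top-level'
            found.append((line, scope, ' '.join(m.group('inc').split())))
    return found

if __name__ == '__main__':
    for line, scope, stmt in classify_includes(SAMPLE):
        print(f'line {line}: [{scope}] {stmt}')
```

An include reported inside a function runs only when that function is called, so a report naming a direct request to the defining file needs a call path to go with it.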