[VIM] WikyBlog <= v1.4 (WN_BASEDIR) Remote File Inclusion Exploit (fwd)

Steven M. Christey coley at linus.mitre.org
Fri Oct 6 14:08:09 EDT 2006



---------- Forwarded message ----------
Date: Fri, 6 Oct 2006 14:05:11 -0400 (EDT)
From: Steven M. Christey <coley at mitre.org>
To: bugtraq at securityfocus.com
Subject: Re: WikyBlog <= v1.4 (WN_BASEDIR) Remote File Inclusion Exploit


There are some important errors in this post that appear to stem from
incomplete editing of a previous advisory for an unrelated product,
webnews (CVE-2006-5100).

The subject line says 1.4, but the version referenced at the end of
the post is 1.2.3, which is dated October 2, 2006; so there doesn't
appear to be any 1.4.

The subject line also mentions WN_BASEDIR, but the demonstration
exploit uses includeDir instead.

- Steve


More information about the VIM mailing list