[VIM] Unrestricted file upload vulnerabilities
Steven M. Christey
coley at mitre.org
Wed Sep 6 20:32:51 EDT 2006
FYI, we're seeing enough issues where someone can upload a file with
an executable extension like .php, then access the file to execute
code, that CVE is going to start calling them "Unrestricted file
upload" issues. Heck, it's even consistent with what we call it in
CWE :) Suggestions for other terms welcome... suppose I should ask the
web app security people what they call this...
- Steve
More information about the VIM
mailing list