[VIM] "Web Server Creator" vuln dup

Steven M. Christey coley at linus.mitre.org
Tue Sep 12 13:32:28 EDT 2006

> BTW, I couldn't find a CVE number for the original vuln.

We just created one as a result of the rediscovery; see below.

- Steve

Name: CVE-2002-2217
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2217
Reference: MISC:http://www.frog-man.org/tutos/WSC-WebPortal.txt
Reference: MISC:http://www.milw0rm.com/exploits/2318
Reference: BID:19896
Reference: URL:http://www.securityfocus.com/bid/19896
Reference: SECTRACK:1005712
Reference: URL:http://securitytracker.com/id?1005712
Reference: XF:webservercreator-customize-file-include(28815)
Reference: URL:http://xforce.iss.net/xforce/xfdb/28815

Multiple PHP remote file inclusion vulnerabilities in Web Server
Creator - Web Portal (WSC-WebPortal) 0.1 allow remote attackers to
execute arbitrary PHP code via a URL in the (1) l parameter to
customize.php or the (2) pg parameter to index.php.

More information about the VIM mailing list