[VIM] Deja Vu: phpMyNewsletter <= 0.6.12 (l) Remote File Include Exploit
George A. Theall
theall at tenablesecurity.com
Wed Apr 4 14:23:24 UTC 2007

Hey str0ke, this (milw0rm 3658) looks like a repeat of an issue reported
back in 2002 and covered by CVE-2002-1887 / Bugtraq ID 5886:

http://archives.neohapsis.com/archives/bugtraq/2002-10/0060.html
http://archives.neohapsis.com/archives/bugtraq/2003-02/0074.html

The first original message was for version 0.6.10. The second is for
0.6.11, which contains a brain-damaged attempt to fix the issue.

Also note that the vendor link in milw0rm 3658 is actually for the
0.6.10 code even though bd0rk talks about 0.6.12 in the advisory.

George
--
theall at tenablesecurity.com