On Thu, 1 Feb 2007, str0ke wrote: > The program is vulnerable: $config[sipssys] is the first line of code > in the file box.inc.php. Also, this is a rediscovery - CVE-2006-4733, posted to Bugtraq by ThE__LeO in Sep 2006, although that one only claimed 0.2.2. - Steve