[VIM] [Bogus - partly] V TLM CMS <= 1.1 (i-accueil.php chemin) Remote File Include Vulnerability (fwd)

rkeith at securityfocus.com rkeith at securityfocus.com
Fri Jan 12 15:10:58 EST 2007


http://www.milw0rm.com/exploits/3118

Half of this is bogus. In i-index.php the $chemin parameter is clearly 
defined. However in the i-accueil.php script this appears legit.

In i-index.php:
Line 12:  $chemin = "." ;

--
Rob Keith
Symantec


More information about the VIM mailing list