[VIM] [Fwd: SPAW Editor PHP Edition]

Steven M. Christey coley at linus.mitre.org
Fri Mar 2 15:35:35 EST 2007

By the way, it's been on my to-do list to investigate other disclosures
involving $spaw_root in other products; looks like SPAW Editor is included
in other products.

CVE-2006-5459 - Download-Engine
CVE-2006-5291 - Download-Engine
CVE-2006-4656 - Web Provence SL_Site
CVE-2006-2928 - CMS-Bandits
CVE-2006-2519 - phpwcms

It kinda bugs me when it takes us 5 CVEs to realize that we might be
dealing with a third-party component :-/

spaw_control.class.php is most frequently mentioned, but other files are
mentioned too.  Some of these files might be glue code for the specific

- Steve

