[VIM] [Fwd: SPAW Editor PHP Edition]
Steven M. Christey
coley at linus.mitre.org
Fri Mar 2 15:35:35 EST 2007
By the way, it's been on my to-do list to investigate other disclosures
involving $spaw_root in other products; looks like SPAW Editor is included
in other products.
CVE-2006-5459 - Download-Engine
CVE-2006-5291 - Download-Engine
CVE-2006-4656 - Web Provence SL_Site
CVE-2006-2928 - CMS-Bandits
CVE-2006-2519 - phpwcms
It kinda bugs me when it takes us 5 CVE's to realize that we might be
dealing with a third-party component :-/
spaw_control.class.php is most frequently mentioned, but other files are
mentioned too. Some of these files might be glue code for the specific
product.
- Steve
More information about the VIM
mailing list