[VIM] [Fwd: SPAW Editor PHP Edition]

Steven M. Christey coley at linus.mitre.org
Fri Mar 2 21:58:23 EST 2007


> From: security curmudgeon <jericho at attrition.org>
> To: OSVDB Mods <moderators at osvdb.org>
> Cc: Steven Christey <coley at mitre.org>
> Date: Mon, 27 Nov 2006 06:37:24 -0500 (EST)
> Subject: [OSVDB Mods] omg omg SPAW

Wow, I barely remember that email.  I must admit that we have some issues
with "institutional memory," e.g. codebase relationships, which CVEs need
some kind of tweak, etc.

> OSVDB 26368
> AWF CMS spaw_control.class.php spaw_root Variable Remote File Inclusion
>
> OSVDB 18155
> Website Generator spaw_control.class.php Direct Request Path Disclosure

Path disclosure eh?  Smells like insufficient diagnosis to me :)

- Steve

