[VIM] Possibly Bogus: Seditio v121 (plug.php h) Remote File Disclosure Vulnerability

[George A. Theall]

I *think* milw0rm 3904 is bogus. The problem is that various parameters, 
including 'h', are sanitized at the start of 
'system/core/plug/plug.inc.php' of non-alphanumeric characters via calls 
to sed_import(), effectively removing directory traversal sequences. The 
PoC definitely doesn't work on an install I have of v110, and the code 
seems much the same in v121. Still, it's late so perhaps I'm just 
overlooking something. Anyone else?

George
-- 
theall at tenablesecurity.com