[VIM] shared code incolving pcltar.lib.php/g_pcltar_lib_dir RFI

George A. Theall theall at tenablesecurity.com
Tue May 15 00:37:17 UTC 2007

On 05/14/07 18:13, Steven M. Christey wrote:

> Various disclosures for separate products have involved RFI in a file
> named "pcltar.lib.php" (or pcltar.php) using $g_pcltar_lib_dir.  CVE
> analysis has shown that this stems from the Tar module 1.3 for Vincent
> Blavet PhpConcept Library, called PclTar.  The current version (dated
> 2003), 1.3.1, also has the problem.

Also affected is ZPanel (2.0 as well as 2.5 beta 11, both of which are 
current). The affected file is in the subdirectory 'filemanager/includes'.

I also found it used by Mambo (I looked at 4.5.1 - 4.6.1), Joomla (1.0.0 
and up), and e107 (0.7.2 - 0.7.5), but modified in such a way as to 
prevent calling the affected file directly. The only exception was the 
previously-mentioned Joomla 1.5 beta.

theall at tenablesecurity.com

More information about the VIM mailing list