[VIM] Milw0rm 4392 - CVE-2007-3997 [Dupe]
str0ke
str0ke at milw0rm.com
Tue Sep 11 21:46:33 UTC 2007
Original link
http://secweb.se/en/advisories/php-mysql-safe-mode-bypass-vulnerability/
Will check this out in a few and remove if its a dupe.
/str0ke
On 9/11/07, GM darkfig <gmdarkfig at gmail.com> wrote:
> Hi all,
> This bug was reported by Dave Wilson on 2002.
>
> **2002
> [PHP Bugs] http://bugs.php.net/bug.php?id=15408
> [Exploit] http://www.securiteam.com/exploits/5LP03156AC.html
>
> **2003
> [PHP Bugs] http://bugs.php.net/bug.php?id=23779
>
> **2007 [Dupe]
> [Milw0rm] http://www.milw0rm.com/exploits/4392
> [CVE] http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3997
>
> The PHP team patched this vulnerability on PHP 5.2.4 (5 years after
> the submission).
> They credited Mattias Bengtsson (I think that he is also <php at jkt
> dot wz dot cz>) who posted (in 2003 and 2007) another one text about
> this.
>
> So, the credits goes to Dave Wilson.
> mattias at secweb.se, po at secweb.se and php at jkt.wz.cz doesn't have to be
> credited for that.
>
> Next time, before writing a paper about a new vulnerability, they
> should search if the vulnerability has already been discovered.
>
More information about the VIM
mailing list