[VIM] true: Focus/SIS RFI's (both vectors)
Steven M. Christey
coley at mitre.org
Tue Sep 18 18:45:27 UTC 2007
Researcher: ThE TiGeR
Ref: MILW0RM:4377
ThE TiGeR's disclosure was for the FocusPath parameter in
CategoryBreakdownTime.php (aka CVE-2007-4806); Secunia/FrSIRT added
another executable, StudentFieldBreakdown.php, also with FocusPath.
Source inspection shows that the first executable line of each of
these files is:
include($FocusPath."/assets/SWF/charts.php");
- Steve
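
The source inspection described in this message, as an added example that is not part of the original post: a small Python check that reports when a PHP file's first executable statement is an include/require whose path begins with a variable. The function names and sample file contents are constructed for illustration, and comment and statement splitting is deliberately naive.

```python
import re

# include/require (optionally _once) whose path expression starts with a variable
INCLUDE_RE = re.compile(
    r'^\s*(?:include|require)(?:_once)?\s*\(?\s*\$([A-Za-z_]\w*)', re.IGNORECASE)

def strip_comments(src):
    """Drop /* */, // and # comments (naive: does not parse string literals)."""
    src = re.sub(r'/\*.*?\*/', '', src, flags=re.DOTALL)
    return re.sub(r'(?m)(?://|#).*$', '', src)

def first_statement(php_source):
    """Return the first non-empty statement after the opening PHP tag, or None."""
    tag = re.search(r'<\?(?:php)?', php_source)
    if tag is None:
        return None
    for stmt in strip_comments(php_source[tag.end():]).split(';'):
        if stmt.strip():
            return stmt.strip()
    return None

def audit(php_source):
    """Name the variable if the file's first statement includes a path built from it.

    Nothing in the file runs before the first statement, so the file itself cannot
    have set that variable; its value must come from outside the file.
    """
    stmt = first_statement(php_source)
    match = INCLUDE_RE.match(stmt) if stmt else None
    return match.group(1) if match else None

# Constructed samples. FLAGGED mirrors the include line quoted in the message.
FLAGGED = '<?php\n// constructed sample\ninclude($FocusPath."/assets/SWF/charts.php");\n'
# Hypothetical variant that sets the path itself first (not the project's actual fix).
PINNED = '<?php\n$FocusPath = dirname(__FILE__);\ninclude($FocusPath."/assets/SWF/charts.php");\n'
# Literal path: no variable involved.
LITERAL = '<?php\nrequire_once("config.php");\n'

if __name__ == "__main__":
    for name, src in (("FLAGGED", FLAGGED), ("PINNED", PINNED), ("LITERAL", LITERAL)):
        print(name, "->", audit(src))
```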