[VIM] CMS Made Simple eval injection is really an ADOdb Lite problem
George A. Theall
theall at tenablesecurity.com
Mon Sep 24 16:59:36 UTC 2007
On 09/24/07 12:54, Steven M. Christey wrote:
> lib/adodb_lite/adodb-perf-module.inc.php in CMS Made Simple is an
> exact copy of adodb-perf-module.inc.php as distributed in ADOdb Lite
> 1.42 from here:
...
> Note that adodb-perf.inc.php in the "regular" ADOdb doesn't have an
> eval at all, so this appears to be specific to ADOdb Lite.
Right. ADOdb Lite is a lightweight version of ADOdb. Besides CMS Made
Simple, it's also used in paFileDB 3.6 (but not 3.53), under
"/includes/adodb".
George
--
theall at tenablesecurity.com
More information about the VIM
mailing list