[VIM] SAXON news.php RFI
security curmudgeon
jericho at attrition.org
Tue May 20 03:42:37 UTC 2008
SAXON news.php template Variable Remote File Inclusion
2006-06-13
http://archives.neohapsis.com/archives/bugtraq/2006-06/0242.html
(no CVE?)
This was challenged quickly and said to be a false report, noting the
researcher is unreliable as well.
Just noticed that the same program/script/variable was reported later:
SAXON news.php template Variable Remote File Inclusion
2007-05-20
http://archives.neohapsis.com/archives/bugtraq/2007-05/0306.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2007-2861
No one challenged it the 2nd time around. I wonder if no one noticed, no
one cared (RFI saturation) or if it became vulnerable since the first
report...
More information about the VIM
mailing list