[VIM] SAXON news.php RFI

security curmudgeon jericho at attrition.org
Tue May 20 03:42:37 UTC 2008


SAXON news.php template Variable Remote File Inclusion
2006-06-13
http://archives.neohapsis.com/archives/bugtraq/2006-06/0242.html
(no CVE?)

This was challenged quickly and said to be a false report, noting the 
researcher is unreliable as well.

Just noticed that the same program/script/variable was reported later:

SAXON news.php template Variable Remote File Inclusion
2007-05-20
http://archives.neohapsis.com/archives/bugtraq/2007-05/0306.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2007-2861


No one challenged it the 2nd time around. I wonder if no one noticed, no 
one cared (RFI saturation) or if it became vulnerable since the first 
report...


More information about the VIM mailing list