[VIM] CVE-2006-7184 / OSVDB 33999 (Exhibit Engine)
security curmudgeon
jericho at attrition.org
Sat Jan 3 07:40:28 UTC 2009
CVE shows provenance unknown. I noticed that CVE/osvdb say "fstyles.php"
and "fetchsettings.php" are vulnerable. Nessus plugin 23640 shows
"styles.php" and I presume the author (not Tenable) tested the script.

Download requires registration, EE2_upgrade.zip (don't see a full
download, or a 1.x package) shows evidence of 'fetchsettings.php'
(basecode directory) and 'styles.php' (admin directory). There is no
evidence of 'fstyles.php'.

Note: CVE-2006-7183 covers Exhibit Engine and "styles.php" specifically.

Best guess is that fstyles.php is either a typo, or part of an
install/upgrade I don't see available after a brief search.