[VIM] Pluck 4.6.2 (langpref) Local File Inclusion Vulnerabilities
George A. Theall
theall at tenablesecurity.com
Mon May 18 18:44:52 UTC 2009
The issues in milw0rm 8715 / BID 35007 don't look valid to me. The
code in the three files in 4.6.2 looks like:

    include ("data/settings/langpref.php");
    include ("data/inc/lang/en.php");
    include ("data/inc/lang/$langpref");

The first of these consists entirely of:

    <?php $langpref = "en.php"; ?>

and the second hardcodes variables named '$lang' and '$lang_' but
doesn't reference any request data. Has anybody else looked into them?

George
--
theall at tenablesecurity.com
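
The manual check described in the message above can be repeated mechanically when triaging a file-inclusion report. The following is an added example, not part of the original post and not Pluck code: a small Python tracer that follows the includes in order and reports whether each include path is a literal, resolves to a literal assigned earlier, or is unresolved and needs manual review. The entry file name `page.php` and the names `trace` and `FILES` are assumptions; the inputs are constructed from the lines quoted in the message.

```python
import re

# Constructed input: the include lines and settings file body quoted in the
# message. "page.php" is a placeholder name for the including file.
FILES = {
    "page.php": 'include ("data/settings/langpref.php");\n'
                'include ("data/inc/lang/en.php");\n'
                'include ("data/inc/lang/$langpref");\n',
    "data/settings/langpref.php": '<?php $langpref = "en.php"; ?>',
}

# Only the statement shapes seen in the message are modelled:
# include/require with a double-quoted path, and simple assignments.
INCLUDE = r'\b(?:include|require)(?:_once)?\s*\(\s*"([^"]*)"\s*\)\s*;'
ASSIGN = r'\$(\w+)\s*=(?!=)\s*([^;]*);'
STMT = re.compile(INCLUDE + "|" + ASSIGN)
LITERAL = re.compile(r'''^(["'])([^"'$]*)\1$''')
VAR = re.compile(r'\$(\w+)')


def trace(entry, files, known=None, out=None):
    """Walk statements in source order, following includes whose source is
    available, and classify every include path."""
    known = {} if known is None else known
    out = [] if out is None else out
    for m in STMT.finditer(files[entry]):
        if m.group(1) is not None:                      # include statement
            raw = m.group(1)
            unresolved = [v for v in VAR.findall(raw) if v not in known]
            path = VAR.sub(lambda v: known.get(v.group(1), v.group(0)), raw)
            if unresolved:
                status = "unresolved"                   # needs manual review
            elif path != raw:
                status = "literal-assigned"             # variable set from a literal
            else:
                status = "literal"
            out.append((entry, raw, path, status))
            if not unresolved and path in files:
                trace(path, files, known, out)          # included code runs here
        else:                                           # assignment
            lit = LITERAL.match(m.group(3).strip())
            if lit:
                known[m.group(2)] = lit.group(2)
            else:
                known.pop(m.group(2), None)             # non-literal: forget it
    return out


if __name__ == "__main__":
    for row in trace("page.php", FILES):
        print(row)
```

The tracer only tracks literal string assignments, so an "unresolved" result means the path needs a manual read of the source, not that the include is exploitable.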