[VIM] OSVDB 67800 / CVE-2010-3205 - Textpattern dispute
security curmudgeon
jericho at attrition.org
Sat Oct 2 16:07:01 CDT 2010
http://osvdb.org/show/osvdb/67800
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2010-3205
This is not a vulnerability. The code in question does not execute until
after separate authentication and authorization checks. Even a logged-in
user with full privileges cannot get this code to include a file from
outside the application.
Comment submitted from:
Frontier Communications of America, Inc. FRTR-71-111-192-0
(NET-71-111-192-0-1) 71.111.192.0 - 71.111.255.255
More information about the VIM
mailing list