[VIM] WordPress A Page Flip Book Plugin 'pageflipbook.php' Local File Include Vulnerability

George Theall gtheall at tenable.com
Thu Jul 31 19:48:15 CDT 2014


Himanshu / Dinesh / Narayan / Venkat / Rob: I noticed that SecurityFocus recently created BID 68959 for a local file inclusion vulnerability in the WordPress A Page Flip Book plugin, presumably based on Henri Salo’s post at http://www.openwall.com/lists/oss-security/2014/07/30/2. Henri’s post in turn references a post from Charlie Eriksen over two years ago — http://ceriksen.com/2012/07/10/wordpress-a-page-flip-book-plugin-local-file-inclusion-vulnerability/

I’m at a loss to understand how this new BID differs from BID 54368, which was created shortly after Charlie’s blog post came out originally. There’s a slight difference in the name of the plugin in the BIDs, but otherwise we’re looking at the same affected script, same affected parameter, same timeframe of discovery, even the same discoverer if you do a tiny bit of digging.  This seems like a pretty obvious dup, doesn’t it?

George
-- 
theall at tenable.com


