[VIM] Vendor ACK for W-Agora directory traversal
Steven M. Christey
coley at mitre.org
Mon Aug 22 14:42:03 EDT 2005
An e-mail inquiry to the vendor resulted in an acknowledgement. See
>Thank you for your email.
>Yes, I've been recently informed of this vulnerability.
>After several tests on various platforms and PHP versions, it seems the
>vulnerability can only be successfully exploited on Windows systems
>and only if magic_quote_gpc is set to off. I couldn't reproduce the problem on
>The fix consists in replacing line #132 in init.inc and line #25 in
>$site = empty($site) ? 'agora' : $site;
>$site = empty($site) ? 'agora' : trim(basename($site));
>I will release a patch and a new release in the next few days.
Reference: BUGTRAQ:20050818 w-agora 4.2.0 and prior Remote Directory Travel Vulnerability
Reference: FULLDISC:20050818 w-agora 4.2.0 and prior Remote Directory Travel Vulnerability
Directory traversal vulnerability in index.php in W-Agora 4.2.0 and
earlier allows remote attackers to read arbitrary files via the site
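
The effect of the replacement line quoted above, as an added PHP example (not W-Agora's code and not part of the original message). It assumes the `site` value ends up in a configuration file path; `CONF_DIR`, `config_path()` and the `site_*()` helpers are hypothetical names, and `site_strict()` is a stricter allow-list variant that goes beyond the vendor's fix.

```php
<?php
// Added illustration; not W-Agora code. CONF_DIR and the "site_<name>.php"
// layout are assumptions about how a site name might reach the filesystem.
const CONF_DIR = '/var/www/forum/conf';

// Behaviour of the original line: the request value is used as supplied.
function site_before(?string $site): string
{
    return empty($site) ? 'agora' : $site;
}

// Behaviour of the vendor's replacement line. basename() keeps only the last
// path component; it treats "\" as a separator on Windows only, and it
// returns ".." unchanged, so the result is a single component, not
// necessarily a valid site name.
function site_after(?string $site): string
{
    return empty($site) ? 'agora' : trim(basename($site));
}

// Stricter variant (an addition, not the vendor's fix): accept only a short
// allow-listed name and fall back to the default for everything else.
function site_strict(?string $site): string
{
    $ok = is_string($site) && preg_match('/\A[A-Za-z0-9_-]{1,32}\z/', $site) === 1;
    return $ok ? $site : 'agora';
}

function config_path(string $site): string
{
    return CONF_DIR . '/site_' . $site . '.php';
}

// Constructed sample inputs for the "site" request parameter.
$samples = ['agora', 'support', '../../../tmp/x', '..\\..\\tmp\\x', '..', ''];

foreach ($samples as $raw) {
    printf(
        "%-18s\n  before: %s\n  after:  %s\n  strict: %s\n",
        var_export($raw, true),
        config_path(site_before($raw)),
        config_path(site_after($raw)),
        config_path(site_strict($raw))
    );
}
```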