[VIM] Provable ACK for SPiD lang.php file include

Steven M. Christey coley at mitre.org
Mon Jul 11 17:04:13 EDT 2005


Ref: SECTRACK:1014437

(CAN-2005-2198 forthcoming)

Changelog:

  http://spid.adnx.net/index_en.html#log

The changelog for 1.3.1, which was updated on 2005/07/11, says "Fix
vulnerability in lang.php (For those using 1.3.0, you just have to
copy the new lang/lang.php file over)."  A look at lang.php shows that
it exits if $lang_path is set by an HTTP request.


- Steve


More information about the VIM mailing list