[VIM] Vendor ACK for CaLogic PHP file include

Steven M. Christey coley at mitre.org
Tue Jul 19 19:40:19 EDT 2005

Refs: CAN-2005-2321, SECUNIA:16090

Issue: PHP file include in CaLogic via CLPATH

Under the forum post "Code injection security issue? Site hacked!"
which details various successful hacks using this issue, the vendor
posts a response "I have addressed this security issue, and have
already released a patch. To patch your CaLogic, download the 1.2.2
distribution zip file...  you can also stop the security leak by
deleting these 4 files from your CaLogic root folder: mcconfig.php
clmcpreload.php mcpi-demo.php cl_minical.php"


- Steve
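
Added example, not part of the original post and not CaLogic code: a log check an administrator could run to see whether any of the four files named by the vendor received a request carrying CLPATH. It assumes CLPATH arrives in the query string and that the web server writes common/combined-format access logs; the sample lines are constructed.

```python
import re
from posixpath import basename
from urllib.parse import urlsplit, parse_qsl

# The four files the vendor says can be deleted to stop the issue (from the post).
VULN_FILES = {"mcconfig.php", "clmcpreload.php", "mcpi-demo.php", "cl_minical.php"}
PARAM = "clpath"  # matched case-insensitively, to be conservative

# Common/combined log format: host ident user [time] "METHOD target PROTO" status size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def find_clpath_requests(lines):
    """Return (client, time, file, status, value) for every request that
    passes CLPATH in the query string to one of the four files."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a request line we can parse
        client, when, _method, target, status = m.groups()
        url = urlsplit(target)
        name = basename(url.path).lower()
        if name not in VULN_FILES:
            continue
        # parse_qsl percent-decodes names and values, so %43LPATH is caught too
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            if key.lower() == PARAM:
                hits.append((client, when, name, int(status), value))
    return hits

# Constructed sample lines (documentation addresses, placeholder values).
SAMPLE_LOG = [
    '192.0.2.10 - - [19/Jul/2005:10:00:01 -0400] "GET /calogic/index.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [19/Jul/2005:10:02:13 -0400] "GET /calogic/mcconfig.php?CLPATH=CONSTRUCTED-VALUE HTTP/1.0" 200 311',
    '198.51.100.7 - - [19/Jul/2005:10:02:40 -0400] "GET /calogic/cl_minical.php?%43LPath=CONSTRUCTED-VALUE HTTP/1.0" 404 209',
    '192.0.2.10 - - [19/Jul/2005:10:05:00 -0400] "GET /calogic/cl_minical.php?month=7 HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for client, when, name, status, value in find_clpath_requests(SAMPLE_LOG):
        state = "file still served" if status == 200 else "file not served"
        print(f"{when} {client} {name} status={status} ({state}) CLPATH={value!r}")
```

A parameter sent in a POST body does not appear in access logs, so an empty result does not by itself show the files were never targeted.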

