[VIM] Vendor ACK for CaLogic PHP file include
Steven M. Christey
coley at mitre.org
Tue Jul 19 19:40:19 EDT 2005
Refs: CAN-2005-2321, SECUNIA:16090
Issue: PHP file include in CaLogic via CLPATH
Under the forum post "Code injection security issue? Site hacked!"
which details various successful hacks using this issue, the vendor
posts a response "I have addressed this security issue, and have
already released a patch. To patch your CaLogic, download the 1.2.2
distribution zip file... you can also stop the security leak by
deleting these 4 files from your CaLogic root folder: mcconfig.php
clmcpreload.php mcpi-demo.php cl_minical.php"
More information about the VIM