[VIM] Provable vendor ack for phpCMS

Steven M. Christey coley at mitre.org
Thu Jun 2 16:44:00 EDT 2005

The recent phpCMS class.layout_phpcms.php/language file
include/directory traversal vulnerability is described here:

 :REFERENCE BUGTRAQ:20050602 SEC-CONSULT SA20050602-1 :: Arbitrary File Inclusion in phpCMS 1.2.x

Researcher claims acknowledgement, but the text here:


is somewhat vague - "There was a security vulnerability discovered."

Proof of vendor acknowledgement of this specific issue follows:

 - the download ZIP file for the security fix mainly includes
   class.layout_phpcms.php, which has hard-coded values for the
   language parameter.

 - In addition, source code review of the CVS repository for
   class.layout_phpcms.php here:


   shows that the original 1.2.1 version used user input for the
   language parameter:


   where the version for the security fix looks like this:

      if ($_GET['language'] == 'de') {
      } else {

Thus, the bug mentioned in the Bugtraq post was fixed by this security

- Steve
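
Added example, not part of the original post and not phpCMS code: a sketch of the pattern the post describes, with request input reaching the language file path directly versus request input only selecting among hard-coded values. It generalizes the fix's if/else on 'de' to an allowlist map; the function names, file names and directory are hypothetical.

```php
<?php
declare(strict_types=1);

// Pattern the post attributes to 1.2.1: the request value becomes part of
// the path that is later included. File naming here is hypothetical.
function language_file_unsafe(array $query, string $dir): string
{
    // No validation: the value may contain path separators or "..".
    return $dir . '/language.' . ($query['language'] ?? 'en') . '.php';
}

// Pattern of the fix: the request value is only compared against
// hard-coded keys, and the path is built from hard-coded file names.
function language_file_fixed(array $query, string $dir): string
{
    $allowed = ['de' => 'language.de.php', 'en' => 'language.en.php'];
    $key = $query['language'] ?? 'en';
    // Non-string or unknown values fall back to the default language.
    if (!is_string($key) || !array_key_exists($key, $allowed)) {
        $key = 'en';
    }
    return $dir . '/' . $allowed[$key];
}

// Constructed inputs, standing in for $_GET.
$dir = '/srv/app/lang';
$samples = [
    ['language' => 'de'],
    ['language' => '../../tmp/x'],   // traversal-shaped value
    ['language' => ['de']],          // non-string value (?language[]=de)
    [],                              // parameter absent
];

foreach ($samples as $q) {
    $label  = json_encode($q, JSON_UNESCAPED_SLASHES);
    $before = is_string($q['language'] ?? '')
        ? language_file_unsafe($q, $dir)
        : '(non-string input)';
    $after  = language_file_fixed($q, $dir);
    printf("%-30s before: %-40s after: %s\n", $label, $before, $after);
}
```

When reviewing a vendor fix of this kind, the check is that no request-derived string survives into the included path, only a choice among constants.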

