[VIM] Missed PHP file include in recent Calendarix
jericho at attrition.org
Wed Jun 8 03:18:38 EDT 2005
: BUGTRAQ:20050531 multiple vulnerability Calendarix Advanced
: Multiple VDBs seem to have missed the following portion of the post:
: line 16
I didn't create an entry for this because it wasn't clear what 'include'
entailed. Looking back, I probably should have created an unspecified type
entry until more details were discovered. Given that some vulns are file
inclusion, others are HTML inclusion, one I created today was for
arbitrary image inclusion.. just seeing "include" was not crystal clear.
My first take was this was relevant code to the other vulnerabilities.
: Thus it appears to be a typical file include issue where an include file
: depends on variables defined by previously included files, but is
: directly callable assuming the relevant PHP configuration etc. etc. etc.
More information about the VIM