[VIM] bad report for EstateAgent?
Steven M. Christey
coley at mitre.org
Wed Aug 23 19:53:26 EDT 2006
BUGTRAQ:20060820 Mambo Component - EstateAgent Remote File Inclusion
Outlaw from Aria Security includes the following source code extract:
># Don't allow direct linking
>defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not
>require_once( $mainframe->getPath( 'front_html' ) );
Um - isn't this the recommended fix that Mambo told all component
developers to use? I don't have that URL on me at the moment.
Anyway, I can't get any source code to check - I couldn't find it on
the site after a cursory look - but I'm not sure this report is
correct, based on the above.
More information about the VIM