[VIM] Jupiter CMS file include - CVE dispute

Steven M. Christey coley at mitre.org
Mon Aug 28 18:33:56 EDT 2006

Researcher: "D3nGeR"

Ref: BUGTRAQ:20060825 Jupiter CMS 1.1.5 index.php Remote File Include

D3nGeR includes the following code snippet:

  $template = "default";
  include "templates/$template/id.php";

Looks like the good ol' grep-and-gripe.

I downloaded the code, and while $template is used heavily, it's set
to constant values or (probably) admin-controlled configuration

So, CVE disputes this.

- Steve

More information about the VIM mailing list