[VIM] Jupiter CMS file include - CVE dispute

Steven M. Christey coley at mitre.org
Mon Aug 28 18:33:56 EDT 2006


Researcher: "D3nGeR"

Ref: BUGTRAQ:20060825 Jupiter CMS 1.1.5 index.php Remote File Include
http://www.securityfocus.com/archive/1/archive/1/444421/100/0/threaded


D3nGeR includes the following code snippet:

  $template = "default";
  include "templates/$template/id.php";

Looks like the good ol' grep-and-gripe.

I downloaded the code, and while $template is used heavily, it's set
to constant values or (probably) admin-controlled configuration
values.

So, CVE disputes this.

- Steve
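
An added example, not part of the original post and not Jupiter CMS code: a same-file, line-by-line Python sketch of the check described above, reporting whether a variable used in a PHP include path was last assigned a string literal, request input, or something that needs further reading. The function names, verdict labels and the two contrast samples are constructed for illustration; the sketch does not follow control flow or assignments made in other files.

```python
import re

# Triage sketch: for each PHP include/require that interpolates a variable,
# report where that variable was last assigned in the same file.
INCLUDE_RE = re.compile(r'\b(?:include|require)(?:_once)?\b[^;]*;')
VAR_RE = re.compile(r'\$([A-Za-z_]\w*)')
REQUEST_RE = re.compile(r'\$_(?:GET|POST|REQUEST|COOKIE)\b')
LITERAL_RE = re.compile(r'''^(?:"[^"$]*"|'[^']*')$''')
SUPERGLOBALS = {"_GET", "_POST", "_REQUEST", "_COOKIE"}

def last_assignment(lines, var, before):
    """Right-hand side of the nearest `$var = ...;` above index `before`, or None."""
    pat = re.compile(r'\$' + re.escape(var) + r'\s*=(?!=)\s*(.*?);')
    for line in reversed(lines[:before]):
        m = pat.search(line)
        if m:
            return m.group(1).strip()
    return None

def classify_includes(php_source):
    """Return (line_number, variable, verdict) for every variable in an include path."""
    lines = php_source.splitlines()
    findings = []
    for idx, line in enumerate(lines):
        stmt = INCLUDE_RE.search(line)
        if not stmt:
            continue
        for var in VAR_RE.findall(stmt.group(0)):
            rhs = last_assignment(lines, var, idx)
            if var in SUPERGLOBALS or (rhs and REQUEST_RE.search(rhs)):
                verdict = "request-input"    # value comes straight from the request
            elif rhs is None:
                verdict = "unassigned-here"  # set elsewhere (or nowhere): read further
            elif LITERAL_RE.match(rhs):
                verdict = "constant"         # the quoted snippet's case
            else:
                verdict = "needs-review"     # e.g. a configuration lookup
            findings.append((idx + 1, var, verdict))
    return findings

# The snippet quoted in the post, followed by two constructed contrast cases.
QUOTED = '$template = "default";\ninclude "templates/$template/id.php";'
CONSTRUCTED_REQUEST = "$page = $_GET['page'];\ninclude \"pages/$page.php\";"
CONSTRUCTED_CONFIG = "$template = $config['template'];\ninclude \"templates/$template/id.php\";"

if __name__ == "__main__":
    for name in ("QUOTED", "CONSTRUCTED_REQUEST", "CONSTRUCTED_CONFIG"):
        print(name, classify_includes(globals()[name]))
```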

