[VIM] source verify of Minerva (phpbb_root_path) issue

Steven M. Christey coley at mitre.org
Thu Jun 15 01:19:21 EDT 2006


ref: http://milw0rm.com/exploits/1908


Use of phpbb_root_path is all over the place these days, isn't it?  I
suspected a combined-module issue but sure enough, in the latest code
(July 2004) I verified it.

In Minerva-237/stat_modules/users_age/module.php , the first
non-commented statement is:

    include_once($phpbb_root_path.'includes/functions_color_groups.'.$phpEx);


- Steve


More information about the VIM mailing list