[VIM] Deja Vu: phpMyNewsletter <= 0.6.12 (l) Remote File Include Exploit

George A. Theall theall at tenablesecurity.com
Wed Apr 4 14:23:24 UTC 2007

Hey str0ke, this (milw0rm 3658) looks like a repeat of an issue reported 
back in 2002 and covered by CVE-2002-1887 / Bugtraq ID 5886:


The first original message was for version 0.6.10. The second is for 
0.6.11, which contains a brain-damaged attempt to fix the issue.

Also note that the vendor link in milw0rm 3658 is actually for the 
0.6.10 code even though bd0rk talks about 0.6.12 in the advisory.

theall at tenablesecurity.com

More information about the VIM mailing list