[VIM] WF-Sections SQL injection vendor ack; shows up in other modules
Steven M. Christey
coley at mitre.org
Wed Apr 11 22:47:29 UTC 2007
Refs: milw0rm 3644, 3645, 3646
Probably only OSVDB and CVE make these distinctions, but these recent
disclosures all seem to stem from the same core module called
"WF-Section: 1.01 (which was apparently renamed to "WF-Sections 1.02"
in the fix). Looks like WF-Section(s) was popular enough that others
wanted to modify it.
Vendor ack is here:
Diff's between WF-Sections 1.02's print.php and the print.php's from
zmagazine and XFsection show sufficient commonality, but also
demonstrate that the modifications of the original WF-Sections code
were more than just a couple cosmetic changes, although version
discrepancies are probably making things worse, too.
More information about the VIM