[VIM] Cyboards PHP RFI: true for 1.21, fixed in at least 1.25

Steven M. Christey coley at mitre.org
Wed Apr 11 23:57:09 UTC 2007

Researcher: bd0rk
Ref: http://www.milw0rm.com/exploits/3660

Version 1.21 is the URL provided by the researcher.

Version 1.25 was obtained from

A diff of include/default_header.php says:

diff -r cyboards-morph/include/default_header.php cyboards/include/default_header.php
<   echo "<style>\n";
<   include("$script_path/include/default_style.css");
<   echo "\n</style>";
>   echo "<LINK REL=STYLESHEET HREF='$script_url/include/default_style.css' TYPE='text/css'>\n\n"; 
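Review bot: On the added `>` line, `$script_url` is interpolated unescaped into the single-quoted HREF attribute, and the hunk does not show where that variable is assigned. Replacing the server-side `include("$script_path/include/default_style.css")` with a client-side LINK tag removes the file inclusion at this spot, but if `$script_url` can reach this file uninitialized or request-controlled, the weakness moves from file inclusion to markup injection in the page header. Suggest assigning `$script_url` (and `$script_path`, if it is still used elsewhere) from configuration before this file runs, and emitting it through `htmlspecialchars($script_url, ENT_QUOTES)`.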

So, the include got removed sometime between 1.21 and 1.25, probably

- Steve
