[VIM] true: SimpCMS Light RFI
str0ke at milw0rm.com
Thu Apr 12 18:34:41 UTC 2007
Seems that the Medium / Heavy versions are also affected.
On 4/12/07, Steven M. Christey <coley at mitre.org> wrote:
> Researcher: Dr.RoVeR
> Ref: http://www.milw0rm.com/exploits/3705
> index.php calls functions.php, which itself contains:
> if (isset($_GET[site]))
> $site= "home";
> Later in index.php, we see the 'include $site.".php"' referenced by
> the researcher.
> So, in this case, it looks like we don't need register_globals.
> - Steve
More information about the VIM