[VIM] Looks Bogus: SPIP v1.7 Remote File Inclusion Bug

George A. Theall theall at tenablesecurity.com
Thu Aug 23 18:15:45 UTC 2007

The remote file include issue in SPIP reported by system-errrror here:


looks bogus to me. The code snippet claimed to show the vulnerability
occurs in a function call shortly after the affected variable is set; i.e.:

                        ---- snip, snip, snip ----
function executer_squelette($squelette, $contexte) {
         if (!$fonctions_squelettes[$squelette]) {
                 $squelette_cache = 
                        ---- snip, snip, snip ----

This is from inc-calcul.php3 from version 1.7.2, 

Now I admit, I didn't bother setting up the app or tracing the code 
between where it's set and used above, but it sure smells bogus.

theall at tenablesecurity.com
