[VIM] false: old Jobline RFI

Steven M. Christey coley at mitre.org
Wed Feb 14 13:56:49 EST 2007

Researcher: SpC-x
Ref: BUGTRAQ Jobline 1 1 1 Version - Remote File Include Vulnerability

Vector: admin.jobline.php?mosConfig_absolute_path=[RFI]

admin.jobline.php in Jobline Component 1.1.1, as obtained from
http://scripts.ringsworld.com/classified-ads/jobline-1-1-1/, starts
off with:

  defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' );

This product was released around October 2005, so if there's a vuln,
it's in an older version.

- Steve

More information about the VIM mailing list