[VIM] CVE-2006-7184 / OSVDB 33999 (Exhibit Engine)

security curmudgeon jericho at attrition.org
Sat Jan 3 07:40:28 UTC 2009

CVE shows provenance unknown. I noticed that CVE/OSVDB say "fstyles.php" 
and "fetchsettings.php" are vulnerable. Nessus plugin 23640 shows 
"styles.php" and I presume the author (not Tenable) tested the script.

Download requires registration, EE2_upgrade.zip (don't see a full 
download, or a 1.x package) shows evidence of 'fetchsettings.php' 
(basecode directory) and 'styles.php' (admin directory). There is no 
evidence of 'fstyles.php'.

Note: CVE-2006-7183 covers Exhibit Engine and "styles.php" specifically. 
Best guess is that fstyles.php is either a typo, or part of an 
install/upgrade I don't see available after a brief search.
