[VIM] old PHP issues
security curmudgeon
jericho at attrition.org
Fri Jul 9 02:00:20 CDT 2010
On Fri, 9 Jul 2010, ascii wrote:
: On 07/09/2010 01:32 AM, security curmudgeon wrote:
: > Digging through old links to sort, found this again:
: > http://www.cr0w.ru/2009/03/self-contained-file-include-in-php-520.html
: > Would these be implementation specific, or flaws in PHP itself?
:
: It's a feature of PHP, known and exploited from many years, well before
: 2009.
"feature" of PHP, "exploited from many years" =) Wording implies it is
known functionality of PHP, but may be considered an exploit by others.
PHP also has a history of downplaying or ignoring vulnerabilities, making
this product specifically questionable as to the difference.
Any clarification?
Thanks,
Brian
More information about the VIM
mailing list