[VIM] old PHP issues

security curmudgeon jericho at attrition.org
Fri Jul 9 02:00:20 CDT 2010

On Fri, 9 Jul 2010, ascii wrote:

: On 07/09/2010 01:32 AM, security curmudgeon wrote:
: > Digging through old links to sort, found this again:
: > http://www.cr0w.ru/2009/03/self-contained-file-include-in-php-520.html
: > Would these be implementation specific, or flaws in PHP itself?
: It's a feature of PHP, known and exploited from many years, well before 
: 2009.

"feature" of PHP, "exploited from many years" =) Wording implies it is 
known functionality of PHP, but may be considered an exploit by others. 
PHP also has a history of downplaying or ignoring vulnerabilities, making 
this product specifically questionable as to the difference.

Any clarification?



More information about the VIM mailing list