[VIM] osTicket 1.6 - Local File Inclusion
Steven M. Christey
coley at linus.mitre.org
Tue Nov 9 17:40:23 CST 2010
It would be good if Exploit-DB followed the practices that str0ke did with
milw0rm (on CVE and OSVDB's request) by leaving some kind of note about
what happened with the entry, instead of deleting it outright. This helps
when you run across a broken URL 6 months later and you wonder if you had
a typo or a duplicate or whatever.
On Tue, 9 Nov 2010, Steve Tornio wrote:
> On Tue, Nov 9, 2010 at 8:26 AM, George A. Theall <theall at tenable.com> wrote:
>> Bugtraq ID 44739 / Exploit DB 15471 cover a local file inclusion issue
>> reported by d3v11 and affecting the 'module.php' script in osTicket 1.6. The
>> sample PoC SecurityFocus gives is:
> Exploit-DB yanked this one a little while ago. Apparently, it was
> approved in error.
>> Btw, the EDB advisory says the issue's been verified. What exactly does that
>> mean? Who's verified the vulnerability and how was it done?
More information about the VIM