[VIM] ES Simple Download 1.0 Local File Inclusion Vulnerability

rkeith rkeith at securityfocus.com
Fri Sep 10 10:12:25 CDT 2010

Hey George,

Looks like someone didn't see the first when creating the second.

We'll have 43133 retired as a duplicate shortly.


George A. Theall wrote:
> Bugtraq ids 43124 and 43133 both cover a local file include
> vulnerability in EnergyScripts Simple Download 1.0 involving the 'file'
> parameter of the 'download.php' script. 43124 uses an exploit that's
> nearly identical to the one in Exploit DB 14960 while 43133 differs only
> in the value of 'file'. Both are attributed to Kazza. So, why two BIDs?
> Rob?
> George

Rob Keith

More information about the VIM mailing list