[VIM] WordPress A Page Flip Book Plugin 'pageflipbook.php' Local File Include Vulnerability

Himanshu Mehta Himanshu_Mehta at symantec.com
Fri Aug 1 13:47:12 CDT 2014


Hi,

Updated CVE-2012-6652 for BID: 54368.

BID: 68959 retired as a duplicate of BID 54368.

Regards,
Himanshu

-----Original Message-----
From: vim-bounces at attrition.org [mailto:vim-bounces at attrition.org] On Behalf Of George Theall
Sent: Friday, August 01, 2014 6:18 AM
To: Vulnerability Information Managers
Subject: [VIM] WordPress A Page Flip Book Plugin 'pageflipbook.php' Local File Include Vulnerability

Himanshu / Dinesh / Narayan / Venkat / Rob : I noticed that SecurityFocus recently created BID 68959 for a local file inclusion vulnerability in the WordPress A Page Flip Book plugin, presumably based on Henri Salo's post at http://www.openwall.com/lists/oss-security/2014/07/30/2.  Henri's post in turn references a post from Charlie Eriksen over two years ago - http://ceriksen.com/2012/07/10/wordpress-a-page-flip-book-plugin-local-file-inclusion-vulnerability/

I'm at a loss to understand how this new BID differs from BID 54368, which was created shortly after Charlie's blog post came out originally. There's a slight difference in the name of the plugin in the BIDs, but otherwise we're looking at the same affected script, same affected parameter, same timeframe of discovery, even the same discoverer if you do a tiny bit of digging.  This seems like a pretty obvious dup, doesn't it?

George
-- 
theall at tenable.com


