Author: nion Date: 2008-07-13 15:44:02 +0000 (Sun, 13 Jul 2008) New Revision: 9327 Modified: data/CVE/list Log: CVE-2007-2326 non-issue Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-07-13 12:56:01 UTC (rev 9326) +++ data/CVE/list 2008-07-13 15:44:02 UTC (rev 9327) @@ -18732,9 +18732,13 @@ CVE-2007-2327 (PHP remote file inclusion vulnerability in _editor.php in HTMLeditbox ...) NOT-FOR-US: HTMLeditbox CVE-2007-2326 (Multiple PHP remote file inclusion vulnerabilities in HYIP Manager Pro ...) - - smarty <unfixed> (medium; bug #488523) - - moodle <unfixed> (medium; bug #488525) - - gallery2 <unfixed> (medium; bug #488527) + - smarty <unfixed> (unimportant; bug #488523) + - moodle <unfixed> (unimportant; bug #488525) + - gallery2 2.2.5-2 (unimportant; bug #488527) + NOTE: this is a non-issue + NOTE: to exploit this, the smarty files need to be installed in a http daemon accessible directory + NOTE: (should be the case for embedded copies), however + NOTE: additionally this relies on register_globals being switched on CVE-2007-2325 (PHP remote file inclusion vulnerability in include.php in MyNewsGroups :) ...) NOT-FOR-US: MyNewsGroups CVE-2007-2324 (Directory traversal vulnerability in file.php in JulmaCMS 1.4 allows ...)
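Review bot: the gallery2 line moves from `<unfixed>` to `2.2.5-2` in the same hunk that downgrades all three entries to unimportant, but the log message only says "CVE-2007-2326 non-issue". Mention the fixed version in the log, or commit it separately, so the version change can be traced to its reason. The NOTE lines are also ambiguous where they break at "(should be the case for embedded copies), however": as written they concede that the web-accessible-directory precondition holds for embedded copies, which leaves the unimportant rating resting on the register_globals requirement alone. Stating that in one sentence would make the rationale for "non-issue" clear to the next person triaging bugs #488523, #488525 and #488527.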