>
> Sorry for not clarifying. This is another vulnerability. The patch made
> DOES NOT fix this vulnerability.
> The CGISecurity hole only allowed read, not execute, and the patch did not
> affect the az field.
The following information is correct. The hole we found affected the forum= field.
It only allowed remote file viewing and also had a nasty Denial of service effect
which caused a rm -rf effect to whatever dir the script itself was stored.
(Hopefully that part doesn't affect this new bug)
- zenomorph