On 12/6/06, Cameron Dale <[EMAIL PROTECTED]> wrote:
On 12/4/06, Stefan Fritsch <[EMAIL PROTECTED]> wrote:
> The metaInfo.php issue doesn't seem to be fixed in 2.2
To be clear, I would like to point out that the more serious remote
command execution using metaInfo.php IS fixed in 2.2.
Sorry for the confusion and multiple messages, but as I mentioned in
my other email, this is exploitable in 2.2, though it is a little
harder than in 2.1. My mistake.
Cameron
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
