CVE-2008-5186 (retired)

Priority
Description
** DISPUTED ** The set_language_path function in geshi.php in Generic
Syntax Highlighter (GeSHi) before 1.0.8.1 might allow remote attackers to
conduct file inclusion attacks via crafted inputs that influence the
default language path ($path variable). NOTE: this issue has been disputed
by a vendor, stating that only a static value is used, so this is not a
vulnerability in GeSHi. Separate CVE identifiers would be created for web
applications that integrate GeSHi in a way that allows control of the
default language path.
Notes
Package
Upstream:released (0.0.20080505-3.1)
Package
Source: geshi (LP Ubuntu Debian)
Upstream:released (1.0.8.1-1)
Package
Upstream:released (1.0-1.1)
More Information

Updated: 2019-10-09 07:13:12 UTC (commit 33aea848a182c0afcd0a3f927a01a7ecd9a061ee)