Upgrade to version 2.5.07 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
Note: This issue was thought to be fixed in 2.5.06, but the patch was incomplete: it used a permissive regular expression to validate an IP address, so SQL injection could still occur.
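The failure mode described in the note, as an added example that is not taken from the affected product or its patch: an unanchored IP pattern accepts input with trailing SQL text, while whole-string parsing plus a bound parameter rejects it. The regular expression, the `hits` table, and all function names are assumptions made for illustration.

```python
import ipaddress
import re
import sqlite3
from typing import Optional

# Hypothetical permissive pattern (not the vendor's): it is unanchored, so it
# only requires that an IP-looking substring appears somewhere in the input.
PERMISSIVE_IP = re.compile(r"\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}")


def permissive_check(value: str) -> bool:
    """Flawed style of check: accepts any string that contains an IP."""
    return PERMISSIVE_IP.search(value) is not None


def strict_ip(value: str) -> Optional[str]:
    """Parse the whole string as an address; return canonical text or None."""
    try:
        return str(ipaddress.ip_address(value))
    except ValueError:
        return None


def count_hits(db: sqlite3.Connection, raw_ip: str) -> int:
    """Strict validation plus a bound parameter, so input never becomes SQL."""
    ip = strict_ip(raw_ip)
    if ip is None:
        raise ValueError("not an IP address")
    row = db.execute("SELECT COUNT(*) FROM hits WHERE ip = ?", (ip,)).fetchone()
    return row[0]


def demo():
    """Compare both checks on constructed inputs; return (results, count)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE hits (ip TEXT)")  # hypothetical table
    db.executemany("INSERT INTO hits VALUES (?)",
                   [("192.0.2.10",), ("192.0.2.11",)])
    # Constructed samples: a clean address, and one with trailing SQL text.
    samples = ["192.0.2.10", "192.0.2.10' OR '1'='1"]
    results = {s: (permissive_check(s), strict_ip(s) is not None)
               for s in samples}
    return results, count_hits(db, "192.0.2.10")


if __name__ == "__main__":
    print(demo())
```
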
Secunia Advisory ID: 24221
Other Advisory URL: http://milw0rm.com/exploits/3338
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-02/0348.html
Mail List Post: http://attrition.org/pipermail/vim/2007-March/001429.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-03/0102.html
Keyword: aka the "File Disclosure Exploit."
CVE-2007-1493
CVE-2007-1172