[VIM] disputed: CVE-2010-0158 JoomlaBamboo (JB) Simpla Admin SQL injection
Steven M. Christey
coley at linus.mitre.org
Wed Feb 3 00:00:59 UTC 2010
Researcher: R3d-D3v!L
The CVE team has received a dispute of the following issue. More details
later if the vendor is willing to provide a public statement. The
software is not immediately downloadable, so I could not independently
research the issue.
- Steve
======================================================
Name: CVE-2010-0158
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0158
Reference: MISC:http://packetstormsecurity.org/1001-exploits/joomlabamboo-sql.txt
Reference: MISC:http://www.exploit-db.com/exploits/10971
Reference: BID:37579
Reference: URL:http://www.securityfocus.com/bid/37579
Reference: VUPEN:ADV-2010-0014
Reference: URL:http://www.vupen.com/english/advisories/2010/0014
SQL injection vulnerability in the JoomlaBamboo (JB) Simpla Admin
template for Joomla! allows remote attackers to execute arbitrary SQL
commands via the id parameter in an article action to the com_content
component, reachable through index.php.
More information about the VIM
mailing list