[VIM] PhpWebThings mess
Steven M. Christey
coley at mitre.org
Wed Dec 14 00:27:37 EST 2005
Haven't investigated the whole thing, especially other people's DBs,
but it's messy enough that some ppl might have missed something.
1) the PHP-CHECKER report includes overlapping attack vectors with
older vulns in PhpWebThings (actually it does this for a couple
products). CVE pending.
2) CVE-2005-3585
BUGTRAQ:20051105 XSS & SQL injection in phpWebThing
http://marc.theaimsgroup.com/?l=bugtraq&m=113122187101383&w=2
vector: forum.php/forum parameter
3) CVE-2005-4218 (pending) is a retrogod exploit for the forum
parameter in CVE-2005-3585, but also adds "a more chritical
injection in msg parameter that works with magic_quotes_gpc on"
http://rgod.altervista.org/phpwebth14_xpl.html
More information about the VIM
mailing list