[VIM] Vendor ACK for simplog SQL issues

Steven M. Christey coley at mitre.org
Tue Sep 27 14:47:11 EDT 2005
The bug report in the CONFIRM reference below has been marked with a
"Verified" status and a "Fixed" resolution.

It's being tagged as SQL injection by some VDBs but only some of the
demo URLs suggest it.

- Steve


======================================================
Candidate: CAN-2005-3076
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3076
Reference: CONFIRM:http://www.simplog.org/bugs/bug.php?op=show&bugid=55
Reference: BID:14897
Reference: URL:http://www.securityfocus.com/bid/14897
Reference: SECUNIA:16881
Reference: URL:http://secunia.com/advisories/16881

Simplog 0.9.1 might allow remote attackers to execute arbitrary SQL
commands or trigger SQL error messages via invalid (1) pid, (2)
blogid, (3) cid, or (4) m parameters to archive.php, or the (5) blogid
parameter to blogadmin.php.
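To make the distinction Steve raises concrete, here is an added illustration (not Simplog's code, and the table schema, column names and sample rows are constructed for the demo): the same numeric id parameter handled by string concatenation, which yields a database error message on invalid input and executes attacker-controlled SQL on crafted input, next to a version that validates the parameter as an integer and binds it, so both outcomes disappear.

```python
import re
import sqlite3

# Constructed in-memory database standing in for a blog's post table.
# Column names mirror the parameter names in the advisory (pid, blogid, cid, m)
# but the schema itself is an assumption for this demo.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE posts (pid INTEGER PRIMARY KEY, blogid INTEGER, "
        "cid INTEGER, m TEXT, title TEXT)"
    )
    conn.executemany(
        "INSERT INTO posts VALUES (?, ?, ?, ?, ?)",
        [
            (1, 1, 10, "200509", "First post"),
            (2, 1, 10, "200509", "Second post"),
            (3, 2, 11, "200508", "Other blog"),
        ],
    )
    conn.commit()
    return conn


def archive_unsafe(conn, pid):
    """Request parameter pasted straight into the query (the bug class)."""
    sql = "SELECT title FROM posts WHERE pid = " + str(pid)
    try:
        return ("ok", [row[0] for row in conn.execute(sql)])
    except sqlite3.Error as exc:
        # A page that prints this is what the "SQL error messages" wording refers to.
        return ("error", str(exc))


def archive_safe(conn, pid):
    """Strict integer validation plus a bound parameter."""
    if not re.fullmatch(r"[0-9]{1,9}", str(pid)):
        # Reject rather than let the database report a malformed statement.
        return ("rejected", None)
    rows = conn.execute(
        "SELECT title FROM posts WHERE pid = ?", (int(pid),)
    )
    return ("ok", [row[0] for row in rows])


if __name__ == "__main__":
    db = make_db()
    for value in ("1", "abc", "1 OR 1=1"):
        print(repr(value), "unsafe ->", archive_unsafe(db, value))
        print(repr(value), "safe   ->", archive_safe(db, value))
```

The unsafe path distinguishes the two symptoms named in the candidate text: a non-numeric value produces a database error, while a value that is valid SQL changes the query's meaning. The safe path treats both the same way, which is why a fix that only suppresses error output is not a fix.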