[VIM] [Fwd: Geeklog search.php Failed SQL Query Path Disclosure]

Steven M. Christey coley at linus.mitre.org
Mon Feb 20 14:25:54 EST 2006

Notice this:

> Also see <http://www.geeklog.net/article.php/geeklog-1.3.11sr3>

It addresses TWO vulns, not just the original r0t one.  Associated CVE is

- Steve

Name: CVE-2005-4725
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4725
Reference: MISC:http://www.geeklog.net/forum/viewtopic.php?showtopic=61457
Reference: CONFIRM:http://www.geeklog.net/article.php/geeklog-1.3.11sr3

Geeklog before 1.3.11sr3 allows remote attackers to bypass intended
access restrictions and comment on an arbitrary story or topic by
guessing the story ID.
