[VIM] [Fwd: Geeklog search.php Failed SQL Query Path Disclosure]
Steven M. Christey
coley at linus.mitre.org
Mon Feb 20 14:25:54 EST 2006
Notice this:
> Also see <http://www.geeklog.net/article.php/geeklog-1.3.11sr3>
It addresses TWO vulns, not just the original r0t one. Associated CVE is
below.
- Steve
======================================================
Name: CVE-2005-4725
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4725
Reference: MISC:http://www.geeklog.net/forum/viewtopic.php?showtopic=61457
Reference: CONFIRM:http://www.geeklog.net/article.php/geeklog-1.3.11sr3
Geeklog before 1.3.11sr3 allows remote attackers to bypass intended
access restrictions and comment on an arbitrary story or topic by
guessing the story ID.