[VIM] site specific, not product: 21240: eazyCMS

security curmudgeon jericho at attrition.org
Wed Jan 11 04:34:34 EST 2006



---------- Forwarded message ----------
From: Toby Maxwell-Lyte
To: security curmudgeon <jericho at attrition.org>
Date: Wed, 11 Jan 2006 09:29:42 +0000
Subject: Re: [OSVDB Mods] [Change Request] 21240: eazyCMS home.php page_id
     Variable SQL Injection

Yes, this is correct. eazyCMS is a fully hosted solution. When our clients
purchase a website from us we supply them with eazyCMS so that they can update 
the content of their website that we are hosting for them.

This is why I was slightly puzzled to see vulnerability reports appearing on 
the web about our product.

Kind regards,
Toby


security curmudgeon wrote:
> : We have fixed this bug via an upgrade. All our clients run off the same
> : system and thus benefit immediately from any updates, patches or fixes
> : that we perform. As we also host the system we have full control over
> : ensuring that it is secure for all our clients.
> 
> Wait.. so eazyCMS is not a downloadable product, but a service your company 
> offers?
> 
> Brian
> OSVDB.org


