[VIM] vendor ack/fix: 21939: Baseline CMS Page.asp SiteNodeID Variable SQL Injection (fwd)
security curmudgeon
jericho at attrition.org
Wed Mar 8 05:58:45 EST 2006
---------- Forwarded message ----------
From: Dave McKay
To: moderators at osvdb.org
Date: Tue, 7 Mar 2006 20:15:26 -0500
Subject: [OSVDB Mods] [Change Request] 21939: Baseline CMS Page.asp SiteNodeID
Variable SQL Injection
Hi there,
Baseline CMS 2.0 does not have the same vulnerability as version 1.95. It
was released in Jan 2006 and validates all expected numeric data passed in
the querystring to make sure it only contains numeric characters. Earlier
versions all reside on our servers and have been patched.
Thanks,
Dave McKay
Vice-President
NMA
More information about the VIM
mailing list