[VIM] twice doubtful: Maran PHP Shop SQL injection issues
str0ke
str0ke at milw0rm.com
Thu Feb 26 15:00:05 UTC 2009
Steven M. Christey wrote:
> According to http://www.maran.pamil-visions.com/index.php, Maran PHP Shop
> "don't use mySQL for DB, is using flat file .txt."
>
> So it's interesting that at least two disclosures claim SQL injection.
>
>
Every file that was stated to have a vulnerability has been updated
(Feb1st2009). Little hard to go by the new product and what the product
was before the changes.
P.S> JoSS is usually right on the dot since he tests locally.
/str0ke
More information about the VIM
mailing list