[VIM] false? CVE-2008-6049 / TinyMCE SQL injection
George A. Theall
theall at tenablesecurity.com
Tue Mar 17 21:09:31 UTC 2009
On Mar 17, 2009, at 4:13 PM, Steven M. Christey wrote:
>
> Researcher: AnGeL25dZ
>
> http://www.milw0rm.com/exploits/7506
>
> As noted by Nico Golde here:
>
> http://www.openwall.com/lists/oss-security/2009/02/08/1
>
> There's no PHP code. http://tinymce.moxiecode.com/ says "Javascript
> WYSIWYG Editor."
For what it's worth, TinyMCE has been integrated into a variety of
CMSes (eg, see http://wiki.moxiecode.com/index.php/TinyMCE:CMS_systems),
some of which use PHP to call it (eg, Joomla). Perhaps the issue isn't
in TinyMCE per se but in one of those other products.
George
--
theall at tenablesecurity.com