[VIM] false? CVE-2008-6049 / TinyMCE SQL injection

George A. Theall theall at tenablesecurity.com
Tue Mar 17 21:09:31 UTC 2009


On Mar 17, 2009, at 4:13 PM, Steven M. Christey wrote:

>
> Researcher: AnGeL25dZ
>
> http://www.milw0rm.com/exploits/7506
>
> As noted by Nico Golde here:
>
>  http://www.openwall.com/lists/oss-security/2009/02/08/1
>
> There's no PHP code.  http://tinymce.moxiecode.com/ says "Javascript
> WYSIWYG Editor."

For what it's worth, TinyMCE has been integrated into a variety of
CMSes (eg, see http://wiki.moxiecode.com/index.php/TinyMCE:CMS_systems),
some of which use PHP to call it (eg, Joomla). Perhaps the issue isn't
in TinyMCE per se but in one of those other products.

George
-- 
theall at tenablesecurity.com




