[VIM] tomatoCMS - dupe or not?
Steven M. Christey
coley at linus.mitre.org
Tue Jul 6 11:38:35 CDT 2010

alleged rediscovery by HTBridge here:

http://www.securityfocus.com/archive/1/512068/100/0/threaded

claim is "q" parameter in index.php, in 2.0.6.

Jericho claims dupe with original Secunia discovery here:

http://www.securityfocus.com/archive/1/archive/1/512189/100/0/threaded

but that issue, CVE-2010-1994, is the PATH_INFO in index.php, claimed to
be fixed in 2.0.5.

I suspect these are distinct vectors and vulns - Secunia?

- Steve