[VIM] Re: [Change Request] 21213: randshop /themes/kategorie/index.php Multiple Variable SQL Injection (fwd)

security curmudgeon jericho at attrition.org
Wed Dec 7 14:43:42 EST 2005



---------- Forwarded message ----------
From: security curmudgeon <jericho at attrition.org>
To: Philipp Wunderlich <philipp.wunderlich at dierandgruppe.com>
Cc: moderators at osvdb.org
Date: Wed, 7 Dec 2005 14:43:01 -0500 (EST)
Subject: Re: [OSVDB Mods] [Change Request] 21213: randshop
     /themes/kategorie/index.php Multiple Variable SQL Injection


Hi Philipp,

: We fixed the bug and upgraded the actual download version on our website.
: The patch is also available in the forum and our customers are informed
: per mail.
: I try to contact the Liz0ziM who found the bug but without success. So
: I try to send the websites with this secure information mails with this
: information.

According to the download page, 1.1 is the current version available for
download *and* the date listed is 2005-08-26 / 2005-10-20. This doesn't
seem to indicate a fix has been made for the version available?

The files in the version_1_1.zip have not been updated since 2005-10-20,
over a month before this vulnerability was disclosed (2005-11-28).

Brian
OSVDB.org

