[VIM] Re: [Change Request] 21213: randshop /themes/kategorie/index.php Multiple Variable SQL Injection (fwd)
security curmudgeon
jericho at attrition.org
Wed Dec 7 14:43:42 EST 2005
---------- Forwarded message ----------
From: security curmudgeon <jericho at attrition.org>
To: Philipp Wunderlich <philipp.wunderlich at dierandgruppe.com>
Cc: moderators at osvdb.org
Date: Wed, 7 Dec 2005 14:43:01 -0500 (EST)
Subject: Re: [OSVDB Mods] [Change Request] 21213: randshop /themes/kategorie/index.php Multiple Variable SQL Injection

Hi Philipp,

: We fixed the bug and upgrade the actual download version on our website.
: The patch is also available in the forum and our customers are informed
: per mail.
: I try to contact the Liz0ziM who found the bug but without success. So
: I try to send the websites with this secure information mails with this
: information.

According to the download page, 1.1 is the current version available for
download *and* the date listed is 2005-08-26 / 2005-10-20. This doesn't
seem to indicate a fix has been made for the version available?

The files in the version_1_1.zip have not been updated since 2005-10-20,
over a month before this vulnerability was disclosed (2005-11-28).

Brian
OSVDB.org