[VIM] PhpWebThings mess

Steven M. Christey coley at mitre.org
Wed Dec 14 00:27:37 EST 2005

Haven't investigated the whole thing, especially other people's DBs,
but it's messy enough that some ppl might have missed something.

1) the PHP-CHECKER report includes overlapping attack vectors with
   older vulns in PhpWebThings (actually it does this for a couple
   products).  CVE pending.

2) CVE-2005-3585

   BUGTRAQ:20051105 XSS & SQL injection in phpWebThing

   vector: forum.php/forum parameter

3) CVE-2005-4218 (pending) is a retrogod exploit for the forum
   parameter in CVE-2005-3585, but also adds "a more chritical
   injection in msg parameter that works with magic_quotes_gpc on"


More information about the VIM mailing list