[VIM] PhpWebThings mess
Steven M. Christey
coley at mitre.org
Wed Dec 14 00:27:37 EST 2005
Haven't investigated the whole thing, especially other people's DBs,
but it's messy enough that some ppl might have missed something.
1) the PHP-CHECKER report includes overlapping attack vectors with
older vulns in PhpWebThings (actually it does this for a couple
products). CVE pending.
BUGTRAQ:20051105 XSS & SQL injection in phpWebThing
vector: forum.php/forum parameter
3) CVE-2005-4218 (pending) is a retrogod exploit for the forum
parameter in CVE-2005-3585, but also adds "a more chritical
injection in msg parameter that works with magic_quotes_gpc on"
More information about the VIM