[VIM] Vendor ACK for simplog SQL issues
Steven M. Christey
coley at mitre.org
Tue Sep 27 14:47:11 EDT 2005
The bug report in the CONFIRM reference below has been marked with a
"Verified" status and a "Fixed" resolution.

It's being tagged as SQL injection by some VDBs, but only some of the
demo URLs suggest it.

Simplog 0.9.1 might allow remote attackers to execute arbitrary SQL
commands or trigger SQL error messages via invalid (1) pid, (2)
blogid, (3) cid, or (4) m parameters to archive.php, or the (5) blogid
parameter to blogadmin.php.