[VIM] Re: PHP-Fusion v6.00.109 SQL Injection / admin|users
jericho at attrition.org
Fri Sep 30 05:54:17 EDT 2005
: I believe that this thing has been discovered and fixed a long time ago.
: Check this out, maybe I am wrong:
POST fields pm_email_notify and pm_save_sent are not properly sanitized.
msg_send=' UNION SELECT [..]
BID 14489 / OSVDB 18708:
So three advisories or points of disclosure, 4 different variables, all in
messages.php it seems. Close, but this seems like a different issue.