[VIM] vendor dispute: 21687: Jamit Job Board index.php cat Variable SQL Injection (fwd)

Steven M. Christey coley at linus.mitre.org
Mon Aug 14 16:24:33 EDT 2006


Y'all might appreciate the text.  I don't see any other way of handling
these things with our limited resources.

- Steve


======================================================
Name: CVE-2005-4232
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4232
Reference: MISC:http://pridels.blogspot.com/2005/12/jamit-job-board-24x-sql-inj.html
Reference: MLIST:[VIM] 20060814 vendor dispute: 21687: Jamit Job Board index.php cat Variable SQL Injection (fwd)
Reference: URL:
Reference: BID:15848
Reference: URL:http://www.securityfocus.com/bid/15848
Reference: FRSIRT:ADV-2005-2879
Reference: URL:http://www.frsirt.com/english/advisories/2005/2879
Reference: OSVDB:21687
Reference: URL:http://www.osvdb.org/21687
Reference: SECUNIA:18007
Reference: URL:http://secunia.com/advisories/18007


** DISPUTED **

SQL injection vulnerability in index.php in Jamit Job Board 2.4.1 and
earlier allows remote attackers to execute arbitrary SQL commands via
the cat parameter.  NOTE: the vendor has disputed this issue, saying
"The vulnerability is without any basis and did not actually work."
CVE has not verified either the vendor or researcher statements, but
the original researcher is known to make frequent mistakes when
reporting SQL injection.



