[VIM] vendor dispute: 21687: Jamit Job Board index.php cat Variable SQL Injection (fwd)
Steven M. Christey
coley at linus.mitre.org
Mon Aug 14 16:24:33 EDT 2006
Y'all might appreciate the text. I don't see any other way of handling
these things with our limited resources.
Reference: MLIST:[VIM] 20060814 vendor dispute: 21687: Jamit Job Board index.php cat Variable SQL Injection (fwd)
** DISPUTED **
SQL injection vulnerability in index.php in Jamit Job Board 2.4.1 and
earlier allows remote attackers to execute arbitrary SQL commands via
the cat parameter. NOTE: the vendor has disputed this issue, saying
"The vulnerability is without any basis and did not actually work."
CVE has not verified either the vendor or researcher statements, but
the original researcher is known to make frequent mistakes when
reporting SQL injection.