[VIM] site specific, not product: 21240: eazyCMS
jericho at attrition.org
Wed Jan 11 04:34:34 EST 2006
---------- Forwarded message ----------
From: Toby Maxwell-Lyte
To: security curmudgeon <jericho at attrition.org>
Date: Wed, 11 Jan 2006 09:29:42 +0000
Subject: Re: [OSVDB Mods] [Change Request] 21240: eazyCMS home.php page_id Variable SQL Injection
Yes, this is correct. eazyCMS is a fully hosted solution. When our clients
purchase a website from us we supply them with eazyCMS so that they can update
the content of their website that we are hosting for them.
This is why I was slightly puzzled to see vulnerability reports appearing on
the web about our product.
security curmudgeon wrote:
> : We have fixed this bug via an upgrade. All our clients run off the same
> : system and thus benefit immediately from any updates, patches or fixes
> : that we perform. As we also host the system we have full control over
> : ensuring that it is secure for all our clients.
> Wait.. so eazyCMS is not a downloadable product, but a service your company