[VIM] vendor dispute: 22066: SpireMedia CMS index.cfm cid Variable SQL Injection (fwd)
Steven M. Christey
coley at linus.mitre.org
Wed Jan 18 00:52:23 EST 2006
OK so it looks like it might just be a path disclosure issue from invalid
SQL syntax, at least based on error messages.
However, there is some evidence that there is also a minor XSS type issue
in the same parameter.
(gotta click on the link though)
Oh, but this one works alright:
More information about the VIM