[VIM] Dreampics Builder (exhibition_id) Remote SQL Injection Vulnerability

George A. Theall theall at tenablesecurity.com
Tue Aug 18 17:33:46 UTC 2009


milw0rm 9451 looks rather similar to an issue discovered by xoron  
earlier this year and covered by milw0rm 7968 / OSVDB 51741 /  
CVE-2009-0445. Except that xoron says it's a blind SQL injection vuln  
while Mr. SQL suggests a plain SQL injection attack works. Anybody  
have access to the source and can confirm either way? Do they involve  
different versions?

George
-- 
theall at tenablesecurity.com





More information about the VIM mailing list