[VIM] twice doubtful: Maran PHP Shop SQL injection issues

str0ke str0ke at milw0rm.com
Thu Feb 26 15:00:05 UTC 2009

Steven M. Christey wrote:
> According to http://www.maran.pamil-visions.com/index.php, Maran PHP Shop
> "don't use mySQL for DB, is using flat file .txt."
> So it's interesting that at least two disclosures claim SQL injection.
Every file that was stated to have a vulnerability has been updated
(Feb1st2009).  Little hard to go by the new product and what the product
was before the changes. 

P.S> JoSS is usually right on the dot since he tests locally.


More information about the VIM mailing list