[VIM] false? CVE-2008-6049 / TinyMCE SQL injection

George A. Theall theall at tenablesecurity.com
Tue Mar 17 21:09:31 UTC 2009

On Mar 17, 2009, at 4:13 PM, Steven M. Christey wrote:

> Researcher: AnGeL25dZ
> http://www.milw0rm.com/exploits/7506
> As noted by Nico Golde here:
>  http://www.openwall.com/lists/oss-security/2009/02/08/1
> There's no PHP code.  http://tinymce.moxiecode.com/ says "Javascript
> WYSIWYG Editor."

For what it's worth, TinyMCE has been integrated into a variety of
CMSes (eg, see http://wiki.moxiecode.com/index.php/TinyMCE:CMS_systems),
some of which use PHP to call it (eg, Joomla).
Perhaps the issue isn't in TinyMCE per se but in one of those other  

theall at tenablesecurity.com
