[VIM] disputed: CVE-2010-0158 JoomlaBamboo (JB) Simpla Admin SQL injection

Steven M. Christey coley at linus.mitre.org
Wed Feb 3 00:00:59 UTC 2010

Researcher: R3d-D3v!L

The CVE team has received a dispute of the following issue.  More details 
later if the vendor is willing to provide a public statement.  The 
software is not immediately downloadable, so I could not independently 
research the issue.

- Steve

Name: CVE-2010-0158
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0158
Reference: MISC:http://packetstormsecurity.org/1001-exploits/joomlabamboo-sql.txt
Reference: MISC:http://www.exploit-db.com/exploits/10971
Reference: BID:37579
Reference: URL:http://www.securityfocus.com/bid/37579
Reference: VUPEN:ADV-2010-0014
Reference: URL:http://www.vupen.com/english/advisories/2010/0014

SQL injection vulnerability in the JoomlaBamboo (JB) Simpla Admin
template for Joomla! allows remote attackers to execute arbitrary SQL
commands via the id parameter in an article action to the com_content
component, reachable through index.php.

More information about the VIM mailing list