[VIM] Bugtraq IDs 32763 and 42836

George A. Theall theall at tenable.com
Tue Sep 21 12:21:08 CDT 2010

It seems like Bugtraq ID 42836 covers one of the vulnerabilities in  
Max's Guestbook already covered by Bugtraq ID 32763 -- failure to  
sanitize input to the 'name' parameter.

While the newer BID talks about this parameter in "the 'Comment'  
section", I'm not clear what that is or if it's different from a  
guestbook message itself. I don't find mention of 'comment' in the PHP  
code. Nor do I see it in any live sites I've looked at.


theall at tenablesecurity.com