[VIM] Piwigo 'dl' Parameter Directory Traversal Vulnerability

Narayan Agarwalla Narayan_Agarwalla at symantec.com
Tue Mar 5 05:46:00 CST 2013


Hi George,

BID 58016: Updated.
BID 58229: Retired as duplicate of 58016

Thanks and Regards,
Narayan

-----Original Message-----
From: vim-bounces at attrition.org [mailto:vim-bounces at attrition.org] On Behalf Of George Theall
Sent: Monday, March 04, 2013 6:09 PM
To: Vulnerability Information Managers
Subject: [VIM] Piwigo 'dl' Parameter Directory Traversal Vulnerability

There are two recent BIDs concerning a directory traversal vulnerability vulnerability addressed in 2.4.7 -- 58016, credited to Gjoko Krstic, and 58229, credited to HTBridge. According to http://piwigo.org/bugs/view.php?id=2843, the vulnerability was reported by HTBridge as well as Krstic. 

Rob / Venkat / whoever : does SecurityFocus plan to retire one of these?


George
-- 
theall at tenable.com



More information about the VIM mailing list