Home page logo
/

oss-sec logo oss-sec mailing list archives

CVE-request: e107 HTB23004
From: Henri Salo <henri () nerv fi>
Date: Wed, 28 Mar 2012 09:38:58 +0300

I won't veriify these vulnerabilities manually. Please assign 2011 CVE-identifier.

Original advisory: https://www.htbridge.com/advisory/multiple_vulnerabilities_in_e107_1.html
These vulnerabilities have been fixed in 12306 revision.

Please do not ask me why changelog entry does not say anything about security problems. HTBridge has tested that 
vulnerabilities do not exist after patches.

From HTBridge:

On the 6 of July a correction was released:
http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.7/e107_admin/users_extended.php?revision=12306&view=markup

Details of this corrections are available here:
http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.7/e107_admin/users_extended.php?r1=12225&r2=12306

Corrections for our vulnerabilities are marked as "User extended fields administration improvements and cleanup".

The changelog: http://e107.org/svn_changelog.php?version=0.7.26 confirms that this correction was applied to e107 
0.7.26 version.

- Henri Salo


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault