Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: CVE-request: SMF index.php msg parameter SQL-injection (2005)
From: Henri Salo <henri () nerv fi>
Date: Mon, 8 Oct 2012 15:51:23 +0300

On Fri, Sep 14, 2012 at 11:29:07AM -0600, Kurt Seifried wrote:
On 09/14/2012 06:40 AM, Henri Salo wrote:
Hello list,

Old SQL-injection security issue in SMF does not have
CVE-identifier. Could you please assign one from year 2005,
thanks.

Affected versions: <= 1.0.4 Fixed in 1.0.5

References: http://osvdb.org/17458 
http://secunia.com/advisories/15784/

- Henri Salo ps. never too late


Can you confirm this isn't
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4159

To me this looks like a different vulnerability, because of different affected files and parameters.

CVE-2005-XXXX:
index.php
http://osvdb.org/17458
http://www.securiteam.com/exploits/5HP0N0KG0O.html

CVE-2005-4159:
Memberlist.php
http://osvdb.org/21722
http://archives.neohapsis.com/archives/bugtraq/2005-12/0090.html

- Henri Salo


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]