oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE-2008-6049 is bogus

From: Nico Golde <oss-security+ml () ngolde de>
Date: Sun, 8 Feb 2009 13:48:46 +0100
Hi,
"SQL injection vulnerability in index.php in TinyMCE 2.0.1 
allows remote attackers to execute arbitrary SQL commands 
via the menuID parameter."

I just checked this issue. As far as I can tell tinymce does 
not ship any php code so something seems fishy with that. 
2.0.1 did also not ship php code:
http://prdownloads.sourceforge.net/tinymce/tinymce_2_0_1.zip?download


Cheers
Nico

-- 
Nico Golde - http://www.ngolde.de - nion () jabber ccc de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Attachment: _bin
Description:

Previous By Date Next
Previous By Thread Next

Current thread: