oss-sec mailing list archives
CVE-2008-6049 is bogus
From: Nico Golde <oss-security+ml () ngolde de>
Date: Sun, 8 Feb 2009 13:48:46 +0100
Hi, "SQL injection vulnerability in index.php in TinyMCE 2.0.1 allows remote attackers to execute arbitrary SQL commands via the menuID parameter." I just checked this issue. As far as I can tell tinymce does not ship any php code so something seems fishy with that. 2.0.1 did also not ship php code: http://prdownloads.sourceforge.net/tinymce/tinymce_2_0_1.zip?download Cheers Nico -- Nico Golde - http://www.ngolde.de - nion () jabber ccc de - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
Attachment:
_bin
Description:
Current thread:
- CVE-2008-6049 is bogus Nico Golde (Feb 08)