oss-sec mailing list archives
Re: CVE-request: LabWiki <= 1.1 Multiple Vulnerabilities
From: Henri Salo <henri () nerv fi>
Date: Mon, 21 Nov 2011 23:30:47 +0200
On Mon, Nov 21, 2011 at 02:23:49PM -0700, Kurt Seifried wrote:
On 11/21/2011 10:53 AM, Henri Salo wrote:Can I get CVE-identifier for this issue: http://archives.neohapsis.com/archives/fulldisclosure/current/0112.html Other references: http://osvdb.org/show/osvdb/76933 http://osvdb.org/show/osvdb/76934 http://osvdb.org/show/osvdb/76932 http://secunia.com/advisories/46762/ Best regards, Henri SaloThere appear to be two separate issues here, can you confirm this? -- -Kurt Seifried / Red Hat Security Response Team
I think this needs three different CVE-identifiers. Here is a description from Secunia and the last item seems critical. 1) Input passed to the "from" parameter in index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed to the "page_no" parameter in recentchanges.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 3) Input passed to the "userfile" POST parameter in edit.php is not properly verified before being used to upload files. This can be exploited to e.g. upload arbitrary PHP files with e.g. a ".gif" extension. Best regards, Henri Salo
Current thread:
- CVE-request: LabWiki <= 1.1 Multiple Vulnerabilities Henri Salo (Nov 21)
- Re: CVE-request: LabWiki <= 1.1 Multiple Vulnerabilities Kurt Seifried (Nov 21)
- Re: CVE-request: LabWiki <= 1.1 Multiple Vulnerabilities Henri Salo (Nov 21)
- Re: CVE-request: LabWiki <= 1.1 Multiple Vulnerabilities Kurt Seifried (Nov 21)
- Re: CVE-request: LabWiki <= 1.1 Multiple Vulnerabilities Henri Salo (Nov 21)
- Re: CVE-request: LabWiki <= 1.1 Multiple Vulnerabilities Kurt Seifried (Nov 21)