oss-sec mailing list archives
Re: Instant v2.0 SQL Injection Vulnerability
From: Solar Designer <solar () openwall com>
Date: Tue, 10 Mar 2015 23:42:21 +0300
On Tue, Mar 10, 2015 at 01:12:16PM -0400, cve-assign () mitre org wrote:
Also, note that this vendor (apparently from Iowa in the U.S.) is not the same as the InstantCMS vendor (see CVE-2013-6839), apparently located in Russia.
This is what confused me into accepting the message for oss-security. I found this website: http://www.instantcms.ru/get which says (in Russian) that InstantCMS is licensed under GNU GPLv2. If the message was about a proprietary product (or a SaaS offering?), then ideally we should have rejected it... but as discussed before, it's unrealistic for list moderators to investigate these things thoroughly. Alexander
Current thread:
- Instant v2.0 SQL Injection Vulnerability Steevee a.k.a Stefanus (Mar 09)
- Re: Instant v2.0 SQL Injection Vulnerability cve-assign (Mar 10)
- Re: Instant v2.0 SQL Injection Vulnerability Solar Designer (Mar 10)
- Re: Instant v2.0 SQL Injection Vulnerability cve-assign (Mar 10)