oss-sec mailing list archives
Re: phpmyvisites 2.3
From: Anthon Pang <anthon.pang () gmail com>
Date: Tue, 30 Mar 2010 18:34:37 -0400
On Tue, Mar 30, 2010 at 5:41 PM, Steven M. Christey <coley () linus mitre org>wrote:
On Wed, 10 Mar 2010, Henri Salo wrote: There is a security vulnerability in phpMyVisites 2.3. Is there a CVEassigned for that issue? http://www.phpmyvisites.us/phpmv2/CHANGELOGUse CVE-2009-4763 Notes: 1) SourceForge has recently made it difficult/impossible to obtain changelogs for new releases, so I can't find any information on the December release of ClickHeat to get more details. 2) Consequently, it could be that phpMyVisites is fixing an old ClickHeat problem (CVE-2008-5793) but neither is it clear if that ClickHeat is even the same product. - Steve
It appears to be a different issue. ClickHeat's primary developer denies this is a ClickHeat vulnerability: https://sourceforge.net/tracker/?func=detail&aid=2916809&group_id=181196&atid=896225 And states that the vulnerability requires the attacker to already have elevated privileges (application-level admin access in PMV). -- Anthon
Current thread:
- phpmyvisites 2.3 Henri Salo (Mar 10)
- Re: phpmyvisites 2.3 Anthon Pang (Mar 10)
- Re: phpmyvisites 2.3 Steven M. Christey (Mar 30)
- Re: phpmyvisites 2.3 Anthon Pang (Mar 30)