oss-sec mailing list archives

Re: phpmyvisites 2.3


From: Anthon Pang <anthon.pang () gmail com>
Date: Tue, 30 Mar 2010 18:34:37 -0400

On Tue, Mar 30, 2010 at 5:41 PM, Steven M. Christey
<coley () linus mitre org> wrote:

> On Wed, 10 Mar 2010, Henri Salo wrote:
>
>> There is a security vulnerability in phpMyVisites 2.3. Is there a CVE
>> assigned for that issue?
>>
>> http://www.phpmyvisites.us/phpmv2/CHANGELOG
>
> Use CVE-2009-4763
>
> Notes:
>
> 1) SourceForge has recently made it difficult/impossible to obtain
> changelogs for new releases, so I can't find any information on the December
> release of ClickHeat to get more details.
>
> 2) Consequently, it could be that phpMyVisites is fixing an old ClickHeat
> problem (CVE-2008-5793) but neither is it clear if that ClickHeat is
> even the same product.
>
> - Steve


It appears to be a different issue.

ClickHeat's primary developer denies this is a ClickHeat vulnerability:

https://sourceforge.net/tracker/?func=detail&aid=2916809&group_id=181196&atid=896225

And states that the vulnerability requires the attacker to already have
elevated privileges (application-level admin access in PMV).

-- Anthon
