Re: CVE-request: LabWiki <= 1.1 Multiple Vulnerabilities

[Kurt Seifried <kseifried () redhat com>]

On 11/21/2011 02:30 PM, Henri Salo wrote:
> On Mon, Nov 21, 2011 at 02:23:49PM -0700, Kurt Seifried wrote:
> > On 11/21/2011 10:53 AM, Henri Salo wrote:
> > > Can I get CVE-identifier for this issue:
> > >
> > > http://archives.neohapsis.com/archives/fulldisclosure/current/0112.html
> > >
> > > Other references:
> > >
> > > http://osvdb.org/show/osvdb/76933
> > > http://osvdb.org/show/osvdb/76934
> > > http://osvdb.org/show/osvdb/76932
> > > http://secunia.com/advisories/46762/
> > >
> > > Best regards,
> > > Henri Salo
> > There appear to be two separate issues here, can you confirm this?
> >
> > -- 
> >
> > -Kurt Seifried / Red Hat Security Response Team
> I think this needs three different CVE-identifiers. Here is a description from Secunia and the last item seems 
> critical.
>
> 1) Input passed to the "from" parameter in index.php is not properly sanitised before being returned to the user. 
> This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected 
> site.
>
> 2) Input passed to the "page_no" parameter in recentchanges.php is not properly sanitised before being returned to 
> the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of 
> an affected site.

Ok merging these two issues (as per ADT4 specification)  please use
CVE-2011-4333 for this issue.

> 3) Input passed to the "userfile" POST parameter in edit.php is not properly verified before being used to upload 
> files. This can be exploited to e.g. upload arbitrary PHP files with e.g. a ".gif" extension.
Please use CVE-2011-4334 for this issue.

> Best regards,
> Henri Salo


-- 

-Kurt Seifried / Red Hat Security Response Team