oss-sec mailing list archives

CVE request: phplist before 2.10.18 XSS and sql injection


From: Hanno Böck <hanno () hboeck de>
Date: Sat, 16 Jun 2012 05:19:56 +0200

http://www.exploit-db.com/exploits/18639/

Quote from there:
"Desc: Input passed via the parameter 'sortby' is not properly
sanitised before being returned to the user or used in SQL queries.
This can be exploited to manipulate SQL queries by injecting
arbitrary SQL code. The param 'num' is vulnerable to a XSS issue
where the attacker can execute arbitrary HTML and script code in
a user's browser session in context of an affected site."

Upstream's release notes for 2.10.18:
http://www.phplist.com/?lid=567
mentions:
"This version fixes a few small bugs and a security issue that was
found. The security issues fixed require the administrator to be logged
in. Therefore the vulnerability can be classified as "intermediate".
There's no immediate danger of the vulnerabilities to be exploited
remotely."

Please assign two CVEs.

-- 
Hanno Böck              mail/jabber: hanno () hboeck de
GPG: BBB51E42           http://www.hboeck.de/
