oss-sec mailing list archives
Re: CVE-request: SMF index.php msg parameter SQL-injection (2005)
From: Henri Salo <henri () nerv fi>
Date: Mon, 8 Oct 2012 15:51:23 +0300
On Fri, Sep 14, 2012 at 11:29:07AM -0600, Kurt Seifried wrote:
On 09/14/2012 06:40 AM, Henri Salo wrote:Hello list, Old SQL-injection security issue in SMF does not have CVE-identifier. Could you please assign one from year 2005, thanks. Affected versions: <= 1.0.4 Fixed in 1.0.5 References: http://osvdb.org/17458 http://secunia.com/advisories/15784/ - Henri Salo ps. never too lateCan you confirm this isn't http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4159
To me this looks like a different vulnerability, because of different affected files and parameters. CVE-2005-XXXX: index.php http://osvdb.org/17458 http://www.securiteam.com/exploits/5HP0N0KG0O.html CVE-2005-4159: Memberlist.php http://osvdb.org/21722 http://archives.neohapsis.com/archives/bugtraq/2005-12/0090.html - Henri Salo
Current thread:
- Re: CVE-request: SMF index.php msg parameter SQL-injection (2005) Henri Salo (Oct 08)
- Re: CVE-request: SMF index.php msg parameter SQL-injection (2005) Kurt Seifried (Nov 14)