[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE request: phplist before 2.10.18 XSS and sql injection
From:       Kurt Seifried <kseifried () redhat ! com>
Date:       2012-06-17 1:38:50
Message-ID: 4FDD352A.70204 () redhat ! com
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 06/15/2012 09:19 PM, Hanno Böck wrote:
> http://www.exploit-db.com/exploits/18639/
> 
> cite from there: "Desc: Input passed via the parameter 'sortby' is
> not properly sanitised before being returned to the user or used in
> SQL queries. This can be exploited to manipulate SQL queries by
> injecting arbitrary SQL code. The param 'num' is vulnerable to a
> XSS issue where the attacker can execute arbitrary HTML and script
> code in a user's browser session in context of an affected site."

Please use CVE-2012-2740 for this issue.

> Upstreams release notes for 2.10.18: 
> http://www.phplist.com/?lid=567 mentions: "This version fixes a few
> small bugs and a security issue that was found. The security issues
> fixed require the administrator to be logged in. Therefore the
> vulnerability can be classified as "intermediate". There's no
> immediate danger of the vulnerabilities to be exploited remotely."

Please use CVE-2012-2741 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJP3TUqAAoJEBYNRVNeJnmTVVcQAKZF3tiBYRW9a0NoT6OXCFDk
NR8KJJyW9zCKfebdPgTOa0uIG4KvpFUsV+3RmFYq2I8F7yQyIRKV1ppQ6HaDptX+
kSH6jlnW7Zv+Nbyvn6DhuE3T+RbqJLU7OGwexRF/DcQyNMgfK/xILNh+yeXBe8+C
HJrGB5exSBTqGizNV9KtwUqgOmm27Qh3fZCI/Xn78NdE6l/PyObVNRtNT4G+5b3R
Av+zp/nxyOwM72RLfGRbsFguWyYDHLBYEYiBAhIXVudPYGmE/Zq+vkFA5adOEluh
HiTcX3JUPBxHsyztZVWXnR99ZUWvs8umfwDFNfn7HtMB63Ihev51tO43iBFiDWXR
55CcedMtFzEYTYDXV52SDUlMP5hUChsxTFm+V4ySoLSNHo+ciUKi429W57C+2KEQ
t1cMIQeOaSuGfvlTRcmc9xr5AvsJY/pCYLl2EiYB3fI+e23kdVMsMl8OvCABxehH
P5xcWkjAzk/uqa0h4/v+8p/UN0CXrV+j1lVug11dAPeKk+1sx7syzhGOAc2m0dG9
OEQlnqByVELXinNhtp8xUtwPXowOOpwS2WmFMntePk5ArKjSn+oyFtHrO7Nz569d
KLkdU9BXlf3MahPAFryOtwFepWhn5A1nsS4tj1GPCbRipcPlXftx0cVuPVRStLym
gX40DcGMNqZ0ElJdYIV9
=JVAs
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]