Re: SQL IN PortailPHP

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: SQL IN PortailPHP
From: "Steven M. Christey" <coley@xxxxxxxxx>
Date: Sun, 7 Aug 2005 17:59:04 -0400 (EDT)
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

>Vulnerable: PortailPHP 2.4 and all version

According to the vendor web site, the most recent version of
PortailPHP is 1.3, released in October 2004.

Was this a typo?

Other reports for SQL injection in an "id" parameter for 1.3 were
publicly made by CENSORED on May 21, 2005, but those reports were for
other modules (News, File, Liens, and Faq).  A casual source code
inspection of version 1.3 suggests that these are distinct bugs.

- Steve

Prev by Date: Gravity Board X v1.1 multiple vulnerabilities
Next by Date: SQL IN Open Bulletin Board
Previous by thread: SQL IN PortailPHP
Next by thread: [ GLSA 200507-29 ] pstotext: Remote execution of arbitrary code
Index(es):
- Date
- Thread