http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1330 :
Multiple SQL injection vulnerabilities in phpWebsite allow remote attackers to execute arbitrary SQL commands via the sid parameter to (1) friend.php or (2) article.php.

http://www.securityfocus.com/bid/17150

---

There does not seem to be a fix available so far. web-apps pls validate
Posted a bug with phpWebSite, which got no response so far, but they now have the following info on their website:

Security warning
Posted by: Matt on 03/27/2006 08:27 AM

Various security sites have released a warning for phpWebSite. They refer to some old files used after a 0.8.x conversion. If you still have article.php or friend.php in your installation, delete them.
So how should we go on with this one if the two files are from older versions and should not be present on current installations? And how big is the chance of these files still being present... web-apps... any comments?
I'd say that's quite unlikely.
Closing as INVALID, feel free to reopen if you have any evidence this could be happening on Gentoo.