- Rewording 2ffb1b0d-ecf5-11dd-abae-00219b0fc4d (glpi -- SQL Injection)

- Add more reference sites

1 files changed, 6 insertions, 4 deletions

diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 36e1a8d1fe7f..b686dff07693 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -35,7 +35,7 @@ Note:  Please add new entries to the beginning of this file.
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
   <vuln vid="2ffb1b0d-ecf5-11dd-abae-00219b0fc4d8">
-    <topic> glpi -- SQL Injection</topic>
+    <topic>glpi -- SQL Injection</topic>
     <affects>
       <package>
 	<name>glpi</name>
@@ -45,9 +45,10 @@ Note:  Please add new entries to the beginning of this file.
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
         <p>The GLPI project reports:</p>
-        <blockquote
-          cite="http://www.glpi-project.org/spip.php?page=annonce&amp;id_breve=161&amp;lang=en">
-	  <p>SQL injection vulnerabilities have been found and fixed.</p>
+        <blockquote cite="http://www.glpi-project.org/spip.php?page=annonce&amp;id_breve=161&amp;lang=en">
+	  <p>Input passed via unspecified parameters is not properly sanitised
+	    before being used in SQL queries. This can be exploited to
+	    manipulateSQL queries by injecting arbitrary SQL code.</p>
 	</blockquote>
       </body>
     </description>
@@ -55,6 +56,7 @@ Note:  Please add new entries to the beginning of this file.
       <url>http://www.glpi-project.org/spip.php?page=annonce&amp;id_breve=161&amp;lang=en</url>
       <url>https://mail.gna.org/public/glpi-news/2009-01/msg00002.html</url>
       <url>https://dev.indepnet.net/glpi/ticket/1224</url>
+      <url>http://secunia.com/advisories/33680/</url>
     </references>
     <dates>
       <discovery>2009-01-25</discovery>