A Secunia Advisory reports:
Some vulnerabilities have been reported in Mambo, where
some have unknown impacts and others can be exploited by
malicious people to conduct spoofing and SQL injection
attacks.
- Input passed to the "user_rating" parameter when
voting isn't properly sanitised before being used in a
SQL query. This can be exploited to manipulate SQL
queries by injecting arbitrary SQL code.
- Some unspecified vulnerabilities in the "mosDBTable"
class and the "DOMIT" library have an unknown
impact.
- An unspecified error in the "administrator/index3.php"
script can be exploited to spoof session IDs.
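
The first item describes a vote value reaching a SQL query unsanitised. The following is an added example, not Mambo's code and not from the advisory, of a vote handler that validates "user_rating" against an allow-list and binds it as an integer. The table and column names, the 1-5 rating range and the function names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example. Schema, function names and the 1-5 range are hypothetical.

// Return the rating as an int, or null if the raw request value is not
// exactly one digit from 1 to 5. \A and \z anchor the whole string, so a
// trailing newline or appended SQL text does not pass.
function parse_rating($raw): ?int
{
    if (!is_string($raw) || !preg_match('/\A[1-5]\z/', $raw)) {
        return null;
    }
    return (int) $raw;
}

// Record one vote. The value never becomes part of the SQL text: it is
// validated first, then passed as a bound integer parameter.
function record_vote(PDO $db, int $contentId, $rawRating): bool
{
    $rating = parse_rating($rawRating);
    if ($rating === null) {
        return false; // reject instead of trying to "clean" the input
    }
    $stmt = $db->prepare(
        'UPDATE content_rating
            SET rating_sum = rating_sum + :rating,
                rating_count = rating_count + 1
          WHERE content_id = :id'
    );
    $stmt->bindValue(':rating', $rating, PDO::PARAM_INT);
    $stmt->bindValue(':id', $contentId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount() === 1;
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE content_rating (content_id INTEGER PRIMARY KEY,
           rating_sum INTEGER NOT NULL, rating_count INTEGER NOT NULL)');
$db->exec('INSERT INTO content_rating VALUES (1, 0, 0)');

// Constructed request values: one valid vote, the rest must be rejected.
foreach (['4', '3 OR 1=1', "5'", '9', '', "2\n"] as $input) {
    $result = record_vote($db, 1, $input) ? 'stored' : 'rejected';
    printf("%-12s => %s\n", var_export($input, true), $result);
}
```

Only the value '4' is stored; every other constructed input is rejected before any query is prepared.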