FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mambo -- SQL injection vulnerabilities

Affected packages
mambo < 4.5.4

Details

VuXML ID f70d09cb-0c46-11db-aac7-000c6ec775d9
Discovery 2006-06-19
Entry 2006-07-05
Modified 2006-10-05

Team Mambo reports that two SQL injection vulnerabilities have been found in Mambo. The vulnerabilities exist because the title and catid parameters of the weblinks.php page are not sanitized before being used in a database query, which can lead to execution of arbitrary SQL code.
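The pattern behind this class of bug, as an added illustration that is not Mambo's code and not taken from the advisory or its references: a simplified weblinks listing that builds its query by string concatenation, beside a hardened version that validates the integer parameter and binds the string one. The table, rows, function names (list_links_vulnerable, list_links_hardened, make_db) and the payloads are constructed for this example; they are not Mambo's schema, and the real weblinks.php query is not reproduced here.

```python
import sqlite3

# Constructed sample schema and data for the example (not Mambo's real
# weblinks table): one category with a published and an unpublished row,
# plus a row in a second category.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE weblinks (
            id INTEGER PRIMARY KEY, catid INTEGER, title TEXT, published INTEGER);
        INSERT INTO weblinks VALUES (1, 1, 'Public link',    1);
        INSERT INTO weblinks VALUES (2, 1, 'Hidden draft',   0);
        INSERT INTO weblinks VALUES (3, 2, 'Other category', 1);
    """)
    return conn

def list_links_vulnerable(conn, catid, title):
    # Vulnerable: the request parameters are concatenated straight into the
    # SQL text, so an attacker controls part of the WHERE clause.
    sql = ("SELECT id FROM weblinks WHERE published = 1 "
           f"AND catid = {catid} AND title LIKE '%{title}%' ORDER BY id")
    return [row[0] for row in conn.execute(sql)]

def list_links_hardened(conn, catid, title):
    # Hardened: the numeric parameter is cast to int (anything else is
    # rejected) and the string parameter is passed as a bound value, so
    # neither can change the structure of the query.
    try:
        catid_int = int(catid)
    except (TypeError, ValueError):
        raise ValueError("catid must be an integer")
    sql = ("SELECT id FROM weblinks WHERE published = 1 "
           "AND catid = ? AND title LIKE ? ORDER BY id")
    return [row[0] for row in conn.execute(sql, (catid_int, f"%{title}%"))]

if __name__ == "__main__":
    db = make_db()
    # Benign request: only the published row in category 1 matching "link".
    print(list_links_vulnerable(db, "1", "link"))            # [1]
    # Numeric parameter injection: the WHERE clause is widened to every row,
    # including the unpublished one and the other category.
    print(list_links_vulnerable(db, "1 OR 1=1 --", ""))      # [1, 2, 3]
    # String parameter injection: closing the quote has the same effect.
    print(list_links_vulnerable(db, "1", "%' OR 1=1 --"))    # [1, 2, 3]
    # Hardened version: the same payloads are rejected or treated as data.
    print(list_links_hardened(db, "1", "link"))              # [1]
    print(list_links_hardened(db, "1", "%' OR 1=1 --"))      # []
    try:
        list_links_hardened(db, "1 OR 1=1 --", "")
    except ValueError as e:
        print("rejected:", e)
```

The two fixes are independent and both are needed: casting covers parameters that must be numeric (catid), and bound parameters cover free-form strings (title) where casting is not an option. Escaping quotes by hand is not a substitute, since it leaves the numeric case untouched.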

References

Bugtraq ID 16775
CVE Name CVE-2006-0871
CVE Name CVE-2006-1794
CVE Name CVE-2006-3262
CVE Name CVE-2006-3263
Message 20060617123242.1684.qmail@securityfocus.com
URL http://secunia.com/advisories/18935/
URL http://secunia.com/advisories/20745/
URL http://www.gulftech.org/?node=research&article_id=00104-02242006
URL http://www.mamboserver.com/?option=com_content&task=view&id=207