CVE-2006-1794
CVE-2006-1794
SQL injection vulnerability in Mambo 4.5.3, 4.5.3h, and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via (1) the $username variable in the mosGetParam function and (2) the $task parameter in the mosMenuCheck function in (a) includes/mambo.php; and (3) the $filter variable to the showCategory function in the com_content component (content.php).
Affected products
n/a · n/apublic PoCs found — 1
exploitdbwww.exploit-db.com/exploits/43835unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://archives.neohapsis.com/archives/bugtraq/2006-02/0463.htmlhttp://secunia.com/advisories/18935https://exchange.xforce.ibmcloud.com/vulnerabilities/24951http://source.mambo-foundation.org/view/news/Announcements/Security_Patch_Released/http://www.gulftech.org/?node=research&article_id=00104-02242006http://www.osvdb.org/23402http://www.osvdb.org/23503http://www.securityfocus.com/bid/16775http://www.vupen.com/english/advisories/2006/0719