CVE-2006-1794

by Fred · 17/04/2006

SQL injection vulnerability in Mambo 4.5.3, 4.5.3h, and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via (1) the $username variable in the mosGetParam function and (2) the $task parameter in the mosMenuCheck function in (a) includes/mambo.php; and (3) the $filter variable to the showCategory function in the com_content component (content.php).

Date published : 2006-04-17

http://www.securityfocus.com/bid/16775

http://archives.neohapsis.com/archives/bugtraq/2006-02/0463.html

CVE-2006-1794

Similar

Recent Posts

Categories

CVE-2006-1794

Share this:

Similar

Recent Posts

Categories

Tags