header-logo
Suggest Exploit
vendor:
Mambo Server
by:
SecurityFocus
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Mambo Server
Affected Version From: 4.0.14
Affected Version To: 4.0.14
Patch Exists: YES
Related CWE: N/A
CPE: a:mambo:mambo_server:4.0.14
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2004

Mambo Open Source 4.0.14 Server SQL Injection Vulnerability

It has been reported that Mambo Open Source 4.0.14 Server is prone to SQL injection attacks. The problem is said to occur due to insufficient sanitization of data passed to specific index.php variables. As a result, an attacker may be capable of influencing the logic of specific queries or statements made by the underlying database. This could ultimately result in a number of attacks being carried out against the system.

Mitigation:

Input validation should be used to ensure that user-supplied data is properly sanitized before being passed to the underlying database.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/9196/info

It has bee reported that Mambo Open Source 4.0.14 Server is prone to SQL injection attacks. The problem is said to occur due to insufficient sanitization of data passed to specific index.php variables. As a result, an attacker may be capable of influencing the logic of specific queries or statements made by the underlying database. This could ultimately result in a number of attacks being carried out against the system. 

http://www.example.com/index.php?option=articles&task=viewarticle&artid=5%20UNION%20somequery

Navigation

Suggest Exploit

Services By CQR