Vendor: Mambo Open Source
By: Unknown
CVSS: 7.5 (HIGH)
Input Validation
CWE: Unknown
Product Name: Mambo Open Source
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE: Unknown
CPE: a:mambo_open_source:mambo
Metasploit:
Other Scripts:
Platforms Tested: Unknown

Multiple Input Validation Vulnerabilities in Mambo Open Source

The vulnerabilities in Mambo Open Source are caused by a lack of proper input validation for user-supplied URI parameters. This allows an attacker to execute arbitrary server-side script code, perform cross-site scripting attacks, and carry out SQL injection attacks against the affected application.

Mitigation:

The vendor has not provided any specific mitigation or remediation steps for these vulnerabilities. It is recommended to update to the latest version of Mambo Open Source or to consider using alternative software.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/11220/info

Mambo Open Source is reportedly affected by multiple input validation vulnerabilities. These issues are due to a failure of the application to properly validate user-supplied URI parameters.

An attacker may leverage these issues to execute arbitrary server-side script code on an affected computer, to carry out cross-site scripting attacks, and to make SQL injection attacks against the vulnerable application.

http://www.example.com/index.php?option=com_content&task=view&id=15&Itemid=2&limit=1"><script>alert(document.cookie)</script>&limitstart=1
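
An added example, not part of the original advisory and not Mambo's own code: a request-level check that applies the missing validation to the parameters in the sample URL above and reports any value that fails. The parameter types (integers for id, Itemid, limit and limitstart; plain identifiers for option and task), the allowlist and the name check_request are assumptions inferred only from that URL.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumed parameter types, inferred from the advisory's sample URL only;
# they are not taken from Mambo's source code.
INT_PARAMS = {"id", "Itemid", "limit", "limitstart"}
TOKEN_PARAMS = {"option", "task"}

# [0-9] rather than \d so that only ASCII digits are accepted.
INT_RE = re.compile(r"[0-9]{1,9}")
TOKEN_RE = re.compile(r"[A-Za-z0-9_]{1,64}")

# The sample URL from the advisory, and a constructed benign request.
ADVISORY_URL = ('http://www.example.com/index.php?option=com_content&task=view'
                '&id=15&Itemid=2&limit=1"><script>alert(document.cookie)'
                '</script>&limitstart=1')
BENIGN_URL = ("http://www.example.com/index.php?option=com_content&task=view"
              "&id=15&Itemid=2&limit=10&limitstart=0")


def check_request(url):
    """Return (parameter, reason) pairs for every value that fails validation."""
    findings = []
    seen = set()
    query = urlsplit(url).query
    # keep_blank_values so an empty "limit=" is reported instead of dropped.
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name in seen:
            # Repeated names can make a filter and the application disagree.
            findings.append((name, "duplicate parameter"))
            continue
        seen.add(name)
        if name in INT_PARAMS:
            # fullmatch rejects any trailing markup or SQL after the digits.
            if not INT_RE.fullmatch(value):
                findings.append((name, "not a non-negative integer"))
        elif name in TOKEN_PARAMS:
            if not TOKEN_RE.fullmatch(value):
                findings.append((name, "not a plain identifier"))
        else:
            findings.append((name, "unexpected parameter"))
    return findings


if __name__ == "__main__":
    for url in (ADVISORY_URL, BENIGN_URL):
        print(check_request(url) or "ok")
```

Rejecting the request at this point covers the reflected-script case and non-numeric input to the numeric parameters; values written back into a page should still be HTML-escaped and database queries parameterized.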