|
|
CVE Reference: CVE-2006-1794 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2006-1794 |
|
|
Description: SQL injection vulnerability in Mambo 4.5.3, 4.5.3h, and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via (1) the $username variable in the mosGetParam function and (2) the $task parameter in the mosMenuCheck function in (a) includes/mambo.php; and (3) the $filter variable to the showCategory function in the com_content component (content.php). |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/24951 SAID Secunia Advisory: SA18935 OSVDB 23402 23503 MISC http://www.gulftech.org/?node=research&article_id=00104-02242006 CONFIRM http://source.mambo-foundation.org/view/news/Announcements/Security_Patch_Released/ BUGTRAQ http://archives.neohapsis.com/archives/bugtraq/2006-02/0463.html BID 16775 |
|
| Return to the previous page. |
