FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mambo -- multiple SQL injection vulnerabilities

Affected packages
mambo < 4.6.5

Details

VuXML ID 8a5770b4-54b5-11db-a5ae-00508d6a62df
Discovery 2006-08-26
Entry 2006-10-05
Modified 2011-06-27

James Bercegay reports:

Mambo is vulnerable to an Authentication Bypass issue that is due to an SQL Injection in the login function. The SQL Injection is possible because the $passwd variable is only sanitized when it is not passed as an argument to the function.
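The pattern described above, sanitization that depends on how a value reached the function, is worth seeing next to its fix. The following is an added example and is not Mambo's code: the table and column names (`users`, `username`, `password`, `password_hash`) and the two function names are assumptions. The first function escapes `$passwd` only on one code path, so a caller-supplied value is concatenated into the SQL unescaped; the second binds every value as a parameter and keeps the password out of the query entirely.

```php
<?php
// Added example, not from Mambo. Schema and function names are assumed.

// Weak pattern: the escaping of $passwd depends on the call site. When the
// caller passes $passwd as an argument, the value reaches the SQL string
// unescaped, which is the defect class the advisory describes.
function find_user_vulnerable(mysqli $db, string $username, ?string $passwd = null): ?array
{
    if ($passwd === null) {
        // Only this path escapes the password.
        $passwd = $db->real_escape_string($_POST['passwd'] ?? '');
    }
    $username = $db->real_escape_string($username);
    // Both values are spliced into the query text; $passwd may be unescaped here.
    $sql = "SELECT id, username FROM users WHERE username = '$username' AND password = '$passwd'";
    $result = $db->query($sql);
    $row = $result ? $result->fetch_assoc() : null;
    return $row ?: null;
}

// Hardened pattern: a prepared statement with a bound parameter, so no escaping
// decision is left to the caller, and the password never appears in the SQL
// at all; it is verified in application code against a stored hash.
function find_user_hardened(mysqli $db, string $username, string $passwd): ?array
{
    $stmt = $db->prepare('SELECT id, username, password_hash FROM users WHERE username = ?');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();

    if ($row === null || !password_verify($passwd, $row['password_hash'])) {
        // Same failure result for unknown user and wrong password.
        return null;
    }
    unset($row['password_hash']);
    return $row;
}
```

The hardened version removes the conditional entirely: there is no longer a path on which a value can be "forgotten" to be escaped, because values are never part of the query text. Comparing a plaintext password inside the `WHERE` clause is also avoided, so the stored credential is a hash checked with `password_verify()` rather than a column an injected predicate could match against.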

Omid reports:

There are several SQL injections in Mambo 4.6 RC2 & Joomla 1.0.10 (and maybe other versions):

References

Bugtraq ID 19719
Bugtraq ID 19734
URL http://mamboxchange.com/forum/forum.php?forum_id=7704
URL http://seclists.org/bugtraq/2006/Aug/0491.html
URL http://secunia.com/advisories/21644/
URL http://secunia.com/advisories/22221/
URL http://www.frsirt.com/english/advisories/2006/3918
URL http://www.gulftech.org/?node=research&article_id=00116-10042006