James Bercegay reports:
Mambo is vulnerable to an Authentication Bypass issue that
is due to an SQL Injection in the login function. The SQL
Injection is possible because the $passwd variable is only
sanitized when it is not passed as an argument to the
function.
Omid reports:
There are several sql injections in Mambo 4.6 RC2 &
Joomla 1.0.10 (and maybe other versions):
- When a user edits a content, the "id" parameter is not
checked properly in /components/com_content/content.php,
which can cause 2 sql injections.
- The "limit" parameter in the administration section is
not checked. This affects many pages of administration
section
- In the administration section, while editing/creating a
user, the "gid" parameter is not checked properly.