FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mambo -- multiple vulnerabilities

Affected packages
mambo < 4.5.2.3

Details

VuXML ID: 0bf9d7fb-05b3-11da-bc08-0001020eed82
Discovery: 2005-06-15
Entry: 2005-08-05

A Secunia Advisory reports:

Some vulnerabilities have been reported in Mambo, where some have unknown impacts and others can be exploited by malicious people to conduct spoofing and SQL injection attacks.

  1. Input passed to the "user_rating" parameter when voting isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
  2. Some unspecified vulnerabilities in the "mosDBTable" class and the "DOMIT" library have an unknown impact.
  3. An unspecified error in the "administrator/index3.php" script can be exploited to spoof session IDs.

References

Bugtraq ID: 13966
CVE Name: CVE-2005-2002
URL: http://secunia.com/advisories/15710/