Mambo / Joomla SQL Injection Vulnerability Discovered

Mambo / Joomla SQL Injection Vulnerability Discovered

Web Hosting News

Web Services News

Web Hosting News

Web Services News

RELATED NEWS

Now, salsa lessons from soccer star Nobby Solano

TV show 'Dallas' set to make a comeback

Dallas To Return To Tv

Former Puerto Rico baseball star relishes work, still going strong at 104 years old

Top Colombian salsa band eyes Bollywood

Colombian Salsa music troupe to perform in Delhi

Shakira Video Songs: Celebrating The Spirit

Supreme Court Justice Sonia Sotomayor returns to old Bronx elementary school

Latin Star Aguabella Dies

Latin jazz percussionist Aguabella, who played with Sinatra and Paul Simon, dies in LA at 84

By Angsuman Chakraborty, Gaea News Network
Monday, August 28, 2006

Omid has discovered a vulnerability in Mambo & Joomla, which can be exploited by malicious users to conduct SQL injection attacks.

Input passed to the “id” parameter when editing content isn’t properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation requires “Editor” privileges.

Some SQL injection issues have also been reported in the administration section.

The vulnerability has been confirmed in Mambo version 4.5.4 and has also been reported in version 4.6 RC2. It has been confirmed in Joomla version 1.0.10. Other versions may also be affected. via Secunia

Simple Solution:
Grant only trusted users “Editor” privileges.

Filed under: CMS Software, Computer Security, Headline News, Open Source Software, Web, Web Hosting, Web Services

Discuss Bellow

YOUR VIEW POINT

NAME :	(REQUIRED)
MAIL :	(REQUIRED) will not be displayed
WEBSITE :	(OPTIONAL)

YOUR COMMENT :
	Submit Notify me of followup comments via e-mail

Older News