Description
SQL injection vulnerability in Mambo 4.5.3, 4.5.3h, and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via (1) the $username variable in the mosGetParam function and (2) the $task parameter in the mosMenuCheck function in (a) includes/mambo.php; and (3) the $filter variable to the showCategory function in the com_content component (content.php).
Vulnerable configurations
One of
CVSS2: 7.6 High
Weaknesses