• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Mambo/Joomla CMS Multiple SQL Injection Vulnerabilities

Mambo/Joomla CMS are prone to multiple SQL-injection vulnerabilities because the applications fail to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the applications, access or modify data, or exploit vulnerabilities in the underlying database implementation.

Mambo 4.6 RC2 and Joomla 1.0.10 are reported vulnerable; other versions may be affected.