Mambo Prior to 4.6.4 Multiple Input Validation Vulnerabilities

Mambo is prone to an SQL-injection vulnerability and an HTTP-response-splitting issue because the application fails to properly sanitize user-supplied input.

An attacker could exploit these vulnerabilities to access or modify data, exploit latent vulnerabilities in the underlying database, or lull victims into a false sense of security so that they divulge sensitive information.

Versions prior to Mambo 4.6.4 are vulnerable.


 

Copyright 2010, SecurityFocus