• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Mambo Articles Component 'artid' Parameter SQL Injection Vulnerability

The Articles component for Mambo is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

NOTE: This issue affects unspecified versions of Mambo, but presumably most versions will be affected because the Articles component is a core feature of the application. We will update this BID as more information emerges.

UPDATE (June 30, 2008): Further information regarding this issue indicates that Joomla! is not affected. Reports also indicate that the issue may affect only Mambo versions prior to 4.0.14, but this his has not been confirmed.