Mambo / Joomla SQL Injection Vulnerability Discovered
Omid has discovered a vulnerability in Mambo & Joomla, which can be exploited by malicious users to conduct SQL injection attacks.
Input passed to the “id” parameter when editing content isn’t properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Successful exploitation requires “Editor” privileges.
Some SQL injection issues have also been reported in the administration section.
The vulnerability has been confirmed in Mambo version 4.5.4 and has also been reported in version 4.6 RC2. It has been confirmed in Joomla version 1.0.10. Other versions may also be affected. Via Secunia.
Simple Solution:
Grant only trusted users “Editor” privileges.
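
The class of flaw described above, an "id" request value reaching a SQL query unsanitised, is shown here beside a hardened form. This is an added example, not Mambo or Joomla source code: the table, its rows and the function names are constructed, and it assumes PHP with the PDO SQLite driver.

```php
<?php
// Added illustration; NOT Mambo or Joomla source. Table, rows and function
// names are constructed for this example.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE content (id INTEGER PRIMARY KEY, title TEXT, created_by INTEGER)');
$pdo->exec("INSERT INTO content VALUES (1, 'Editor draft', 7), (2, 'Admin-only notes', 1)");

// Weak pattern: the request value is concatenated into the SQL text, so
// anything after the number is parsed as SQL rather than treated as data.
function loadForEditUnsafe(PDO $pdo, string $rawId, int $userId): array
{
    $sql = "SELECT id, title FROM content WHERE created_by = $userId AND id = $rawId";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened pattern: accept only a positive integer, then bind it as a
// typed parameter so it can never change the structure of the query.
function loadForEditSafe(PDO $pdo, string $rawId, int $userId): array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('id must be a positive integer');
    }
    $stmt = $pdo->prepare('SELECT id, title FROM content WHERE created_by = :uid AND id = :id');
    $stmt->bindValue(':uid', $userId, PDO::PARAM_INT);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$editor   = 7;            // constructed user id holding "Editor" rights
$tampered = '1 OR 1=1';   // constructed non-numeric value for the "id" parameter

// Unsafe path: AND binds tighter than OR, so the created_by filter
// no longer constrains which rows come back.
echo count(loadForEditUnsafe($pdo, $tampered, $editor)), " row(s) via concatenated query\n";

// Safe path: the same value is refused before any SQL is built.
try {
    loadForEditSafe($pdo, $tampered, $editor);
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
echo count(loadForEditSafe($pdo, '1', $editor)), " row(s) via bound parameter\n";
```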




