Mambo / Joomla SQL Injection Vulnerability
rgod has discovered a vulnerability in Mambo & Joomla, which can be exploited to conduct SQL injection attacks.
Input passed to the "Name" field when submitting a web link isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
The vulnerability has been confirmed in Mambo version 4.5.3h and has also been reported in version 4.6rc1. Other versions may also be affected.
Exploit:
http://retrogod.altervista.org/mambo_46rc1_sql.html
Solution:
Edit the source code to sanitize the name field data.
via Secunia
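
One way to apply the solution above and check it, as an added example (not Mambo or Joomla code, and not part of the advisory). It uses PDO with an in-memory SQLite database and bound parameters in place of escaping; the `weblinks` table, the function names and the 250-character limit are assumptions made for illustration.

```php
<?php
// Added example: hypothetical table and function names, not Mambo/Joomla code.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE weblinks (title TEXT, url TEXT, published INTEGER)');

// "Before": the submitted name is concatenated into the statement text,
// so any quote character in it becomes SQL syntax.
function submit_link_unsafe(PDO $db, string $name, string $url): void
{
    $db->exec("INSERT INTO weblinks (title, url, published)
               VALUES ('$name', '$url', 0)");
}

// "After": validate the fields, then pass them as bound parameters so the
// name is always handled as data and never parsed as SQL.
function submit_link_safe(PDO $db, string $name, string $url): bool
{
    $name = trim($name);
    // Assumed policy: non-empty, at most 250 bytes, no control characters.
    if ($name === '' || strlen($name) > 250 || preg_match('/[\x00-\x1F]/', $name)) {
        return false;
    }
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        return false;
    }
    $stmt = $db->prepare('INSERT INTO weblinks (title, url, published)
                          VALUES (:title, :url, 0)');
    return $stmt->execute([':title' => $name, ':url' => $url]);
}

// Constructed sample input: a legitimate name that contains an apostrophe.
$name = "Rob's PHP links";
$url  = 'http://example.com/';

try {
    submit_link_unsafe($db, $name, $url);
    echo "unsafe: stored\n";
} catch (PDOException $e) {
    // The apostrophe ended the string literal early: input reached the SQL parser.
    echo "unsafe: statement broke on a quote in the name\n";
}

var_dump(submit_link_safe($db, $name, $url));
$row = $db->query('SELECT title, published FROM weblinks')->fetch(PDO::FETCH_ASSOC);
// The name is stored byte-for-byte and the row stays unpublished.
var_dump($row['title'] === $name, (int) $row['published'] === 0);
```

A name with an apostrophe makes a useful regression test for the patched form handler: if it is rejected with a database error instead of being stored verbatim, user input is still reaching the query text.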