FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-19 19:12:13 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
8a5770b4-54b5-11db-a5ae-00508d6a62df	mambo -- multiple SQL injection vulnerabilities James Bercegay reports: Mambo is vulnerable to an Authentication Bypass issue that is due to an SQL Injection in the login function. The SQL Injection is possible because the $passwd variable is only sanitized when it is not passed as an argument to the function. Omid reports: There are several sql injections in Mambo 4.6 RC2 & Joomla 1.0.10 (and maybe other versions): When a user edits a content, the "id" parameter is not checked properly in /components/com_content/content.php, which can cause 2 sql injections. The "limit" parameter in the administration section is not checked. This affects many pages of administration section In the administration section, while editing/creating a user, the "gid" parameter is not checked properly. Discovery 2006-08-26 Entry 2006-10-05 Modified 2011-06-27 mambo < 4.6.5 19719 19734 http://www.gulftech.org/?node=research&article_id=00116-10042006 http://seclists.org/bugtraq/2006/Aug/0491.html http://www.frsirt.com/english/advisories/2006/3918 http://mamboxchange.com/forum/forum.php?forum_id=7704 http://secunia.com/advisories/21644/ http://secunia.com/advisories/22221/

VuXML ID

Description

8a5770b4-54b5-11db-a5ae-00508d6a62df

mambo -- multiple SQL injection vulnerabilities

James Bercegay reports:

Mambo is vulnerable to an Authentication Bypass issue that is due to an SQL Injection in the login function. The SQL Injection is possible because the $passwd variable is only sanitized when it is not passed as an argument to the function.

Omid reports:

There are several sql injections in Mambo 4.6 RC2 & Joomla 1.0.10 (and maybe other versions):

When a user edits a content, the "id" parameter is not checked properly in /components/com_content/content.php, which can cause 2 sql injections.

The "limit" parameter in the administration section is not checked. This affects many pages of administration section

In the administration section, while editing/creating a user, the "gid" parameter is not checked properly.

Discovery 2006-08-26
Entry 2006-10-05
Modified 2011-06-27
mambo

< 4.6.5

19719
19734
http://www.gulftech.org/?node=research&article_id=00116-10042006
http://seclists.org/bugtraq/2006/Aug/0491.html
http://www.frsirt.com/english/advisories/2006/3918
http://mamboxchange.com/forum/forum.php?forum_id=7704
http://secunia.com/advisories/21644/
http://secunia.com/advisories/22221/