PT-2006-4157 · Mambo · Mambo
Publicado
2006-06-27
·
Atualizado
2008-09-05
·
CVE-2006-3263
CVSS v2.0
7.5
Alta
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Mambo versions 4.6rc1 and earlier
Description
The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the
catid parameter in the Weblinks module, specifically in the weblinks.php file.Recommendations
For Mambo versions 4.6rc1 and earlier, avoid using the
catid parameter in the Weblinks module until the issue is resolved. As a temporary workaround, consider restricting access to the weblinks.php file to minimize the risk of exploitation.Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Mambo