CVE-2006-7150

Name of the Vulnerable Software and Affected Versions Mambo versions 4.6.x

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting SQL injection vulnerabilities via the mcname parameter to (1) "moscomment.php" and (2) "com comment.php" API endpoints.

Recommendations For Mambo version 4.6.x, avoid using the mcname parameter in the affected API endpoints until the issue is resolved. As a temporary workaround, consider restricting access to "moscomment.php" and "com comment.php" to minimize the risk of exploitation.