CVE-2009-4199

Name of the Vulnerable Software and Affected Versions Mambo Resident (aka Mos Res or com mosres) component version 1.0f

Description The issue allows remote attackers to execute arbitrary SQL commands when magic quotes gpc is disabled. This can be achieved via the property uid parameter in a "viewproperty" action to "index.php" and the regID parameter in a "showregion" action to "index.php".

Recommendations For Mambo Resident (aka Mos Res or com mosres) component version 1.0f, consider disabling the magic quotes gpc feature to prevent SQL injection attacks. As a temporary workaround, restrict access to the "viewproperty" and "showregion" actions in index.php to minimize the risk of exploitation. Avoid using the property uid and regID parameters in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.