CVE-2007-0374 - SQL Injection vulnerability in Mambo/Joomla CMS
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
SQL injection vulnerability in (1) Joomla! 1.0.11 and 1.5 Beta, and (2) Mambo 4.6.1, allows remote attackers to execute arbitrary SQL commands via the id parameter when cancelling content editing.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 2 |
Application | | 1 |
Nessus
NASL family | FreeBSD Local Security Checks |
NASL id | FREEBSD_PKG_8A5770B454B511DBA5AE00508D6A62DF.NASL |
description | James Bercegay reports : Mambo is vulnerable to an Authentication Bypass issue that is due to a SQL Injection in the login function. The SQL Injection is possible because the $passwd variable is only sanitized when it is not passed as an argument to the function. Omid reports : There are several sql injections in Mambo 4.6 RC2 & Joomla 1.0.10 (and maybe other versions) : - When a user edits a content, the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 55439 |
published | 2011-06-28 |
reporter | This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/55439 |
title | FreeBSD : mambo -- multiple SQL injection vulnerabilities (8a5770b4-54b5-11db-a5ae-00508d6a62df) |
Packetstorm
data source | https://packetstormsecurity.com/files/download/54195/joomla150beta-sql.txt |
id | PACKETSTORM:54195 |
last seen | 2016-12-05 |
published | 2007-02-06 |
reporter | Omid |
source | https://packetstormsecurity.com/files/54195/joomla150beta-sql.txt.html |
title | joomla150beta-sql.txt |