CVE-2005-2002

Mambo - SQL Injection

Title source: rule

Description

SQL injection vulnerability in content.php in Mambo 4.5.2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user_rating parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by pokleyzz · phpwebappsphp

https://www.exploit-db.com/exploits/1049

View Code ZIP pw:eip

References (6)

[Patch, Vendor Advisory] http://secunia.com/advisories/15710

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/13966

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1014222

[Third Party Advisory, VDB Entry] http://www.osvdb.org/17323

[Vendor Advisory] http://mamboforge.net/frs/download.php/6153/CHANGELOG

[Mailing List] http://marc.info/?l=bugtraq&m=111885974124936&w=2

Scores

EPSS 0.0134

EPSS Percentile 80.1%

Details

Status published

Products (6)

mambo/mambo 4.5.0.2

mambo/mambo 4.5.1.3

mambo/mambo 4.5.1a a

mambo/mambo 4.5.2

mambo/mambo 4.5.2.2

mambo/mambo 4.5_1.0.9

Published Jun 15, 2005

Tracked Since Feb 18, 2026