CVE-2006-1794

Mambo <4.5.3 - SQL Injection

Title source: llm

Description

SQL injection vulnerability in Mambo 4.5.3, 4.5.3h, and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via (1) the $username variable in the mosGetParam function and (2) the $task parameter in the mosMenuCheck function in (a) includes/mambo.php; and (3) the $filter variable to the showCategory function in the com_content component (content.php).

Exploits (1)

exploitdb WRITEUP

webappsphp

https://www.exploit-db.com/exploits/43835

View Code ZIP pw:eip

References (9)

[Exploit, Patch, Vendor Advisory] http://archives.neohapsis.com/archives/bugtraq/2006-02/0463.html

[Vendor Advisory] http://secunia.com/advisories/18935

[Patch] http://source.mambo-foundation.org/view/news/Announcements/Security_Patch_Released/

[Exploit, Patch] http://www.gulftech.org/?node=research&article_id=00104-02242006

[Third Party Advisory, VDB Entry] http://www.osvdb.org/23402

[Third Party Advisory, VDB Entry] http://www.osvdb.org/23503

[Exploit, Patch] http://www.securityfocus.com/bid/16775

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/24951

[Third Party Advisory] http://www.vupen.com/english/advisories/2006/0719

Scores

EPSS 0.0108

EPSS Percentile 77.9%

Details

Status published

Products (13)

mambo/mambo 4.0.14

mambo/mambo 4.5.1_1.0.9

mambo/mambo 4.5.1a (3 CPE variants)

mambo/mambo 4.5.2

mambo/mambo 4.5.2.1

mambo/mambo 4.5.2.2

mambo/mambo 4.5.2.3

mambo/mambo 4.5.3h

mambo/mambo 4.5_1.0.0

mambo/mambo 4.5_1.0.1

... and 3 more

Published Apr 17, 2006

Tracked Since Feb 18, 2026