CVE-2006-3262

Mambo <4.6rc1 - SQL Injection

Title source: llm

Description

SQL injection vulnerability in the Weblinks module (weblinks.php) in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter.

Exploits (2)

exploitdb WORKING POC VERIFIED

by rgod · phpwebappsphp

https://www.exploit-db.com/exploits/1941

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by rgod · phpwebappsphp

https://www.exploit-db.com/exploits/1920

View Code ZIP pw:eip

References (9)

[Exploit] http://retrogod.altervista.org/mambo_46rc1_sql.html

[Patch, Vendor Advisory] http://secunia.com/advisories/20745

[Various Sources] http://www.mamboserver.com/?option=com_content&task=view&id=207

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/437496/100/100/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/18492

[Third Party Advisory, VDB Entry] http://www.osvdb.org/26624

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1016334

[Third Party Advisory] http://www.vupen.com/english/advisories/2006/2416

[Third Party Advisory] http://securityreason.com/securityalert/1158

Scores

EPSS 0.0380

EPSS Percentile 88.1%

Details

Status published

Products (1)

mambo/mambo < 4.6

Published Jun 27, 2006

Tracked Since Feb 18, 2026