BID:23787

Mambo Open Source Unauthorized Database Access Vulnerability

Info

Mambo Open Source Unauthorized Database Access Vulnerability

Bugtraq ID:	23787
Class:	Access Validation Error
CVE:	CVE-2006-7202
Remote:	Yes
Local:	No
Published:	Dec 14 2006 12:00AM
Updated:	May 07 2015 05:39PM
Credit:	Discovered by Robert Atkinson.
Vulnerable:	Mambo Mambo Open Source 4.6.1

Not Vulnerable:	Mambo Mambo Open Source 4.6.2

Discussion

Mambo Open Source Unauthorized Database Access Vulnerability

Mambo Open Source is prone to a vulnerability that allows attackers to gain unauthorized access to the database because the application fails to perform access-validation checks.

Mambo Open Source 4.6.1 is reported vulnerable to this issue; other versions may be affected as well.

Exploit / POC

Mambo Open Source Unauthorized Database Access Vulnerability

Attackers can use a browser to exploit this issue.

Solution / Fix

Mambo Open Source Unauthorized Database Access Vulnerability

Solution:
The vendor has released Mambo Open Source 4.6.2 to address this issue.

References

Mambo Open Source Unauthorized Database Access Vulnerability

References:

FS#170 - Fix for PDF Security Hole (Mambo)
Mambo Home Page (Mambo )