Mambo Articles Component 'artid' Parameter SQL Injection Vulnerability
BID:29936
Info
Mambo Articles Component 'artid' Parameter SQL Injection Vulnerability
| Bugtraq ID: | 29936 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 25 2008 12:00AM |
| Updated: | Jun 30 2008 10:20PM |
| Credit: | Ded MustD!e |
| Vulnerable: |
Mambo Mambo Site Server 4.0.14 Mambo Mambo Site Server 4.0.12 RC3 Mambo Mambo Site Server 4.0.12 RC2 Mambo Mambo Site Server 4.0.12 RC1 Mambo Mambo Site Server 4.0.12 BETA 2 Mambo Mambo Site Server 4.0.12 BETA Mambo Mambo Site Server 4.0.12 Mambo Mambo Site Server 4.0.11 Mambo Mambo Site Server 4.0.10 Mambo Mambo Site Server 4.0 Mambo Mambo Site Server 3.7 Mambo Mambo Open Source 4.6.4 Mambo Mambo Open Source 4.6.3 Mambo Mambo Open Source 4.6.2 Mambo Mambo Open Source 4.6.1 Mambo Mambo Open Source 4.6.1 Mambo Mambo Open Source 4.6 CVS Mambo Mambo Open Source 4.6 Mambo Mambo Open Source 4.5.5 Mambo Mambo Open Source 4.5.4 SP3 Mambo Mambo Open Source 4.5.4 Mambo Mambo Open Source 4.5.3 Mambo Mambo Open Source 4.5.2 .3 Mambo Mambo Open Source 4.5.2 .2 Mambo Mambo Open Source 4.5.2 .1 Mambo Mambo Open Source 4.5.2 Mambo Mambo Open Source 4.5.1 (1.0.9) Mambo Mambo Open Source 4.5.1 Beta 2 Mambo Mambo Open Source 4.5.1 Beta Mambo Mambo Open Source 4.5.1 Mambo Mambo Open Source 4.5 (1.0.3beta) Mambo Mambo Open Source 4.5 (1.0.3) Mambo Mambo Open Source 4.5 (1.0.2) Mambo Mambo Open Source 4.5 (1.0.1) Mambo Mambo Open Source 4.5 (1.0.0) Mambo Mambo Open Source 4.0.14 Mambo Mambo Open Source 4.6.0 rc2 Mambo Mambo Open Source 4.6.0 rc1 Mambo Mambo Open Source 4.5.3h |
| Not Vulnerable: | |
Discussion
Mambo Articles Component 'artid' Parameter SQL Injection Vulnerability
The Articles component for Mambo is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
NOTE: This issue affects unspecified versions of Mambo, but presumably most versions will be affected because the Articles component is a core feature of the application. We will update this BID as more information emerges.
UPDATE (June 30, 2008): Further information regarding this issue indicates that Joomla! is not affected. Reports also indicate that the issue may affect only Mambo versions prior to 4.0.14, but this his has not been confirmed.
The Articles component for Mambo is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
NOTE: This issue affects unspecified versions of Mambo, but presumably most versions will be affected because the Articles component is a core feature of the application. We will update this BID as more information emerges.
UPDATE (June 30, 2008): Further information regarding this issue indicates that Joomla! is not affected. Reports also indicate that the issue may affect only Mambo versions prior to 4.0.14, but this his has not been confirmed.
Exploit / POC
Mambo Articles Component 'artid' Parameter SQL Injection Vulnerability
Attackers can use a browser to exploit this issue.
The following exploit code is available:
Attackers can use a browser to exploit this issue.
The following exploit code is available:
Solution / Fix
Mambo Articles Component 'artid' Parameter SQL Injection Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Mambo Articles Component 'artid' Parameter SQL Injection Vulnerability
References:
References:
- Mambo Homepage (Mambo)