mambo -- SQL injection vulnerabilities

2006-06-19T00:00:00
ID F70D09CB-0C46-11DB-AAC7-000C6EC775D9
Type freebsd
Reporter FreeBSD
Modified 2006-10-05T00:00:00

Description

The Team Mambo reports that two SQL injection vulnerabilities have been found in Mambo. The vulnerabilities exists due to missing sanitation of the title and catid parameters in the weblinks.php page and can lead to execution of arbitrary SQL code.