mambo -- SQL injection vulnerabilities

ID F70D09CB-0C46-11DB-AAC7-000C6EC775D9
Type freebsd
Reporter FreeBSD
Modified 2006-10-05T00:00:00


Team Mambo reports that two SQL injection vulnerabilities have been found in Mambo. The vulnerabilities exist due to missing sanitization of the title and catid parameters in the weblinks.php page and can lead to execution of arbitrary SQL code.