Mambo Open Source mambo.php User Name SQL Injection

2004-04-02T00:00:00
ID OSVDB:7516
Type osvdb
Reporter OSVDB
Modified 2004-04-02T00:00:00

Description

Vulnerability Description

Mambo contains a flaw that allows a remote attacker to inject arbitrary SQL code. User input submitted to the 'mambo.php' script is not properly validated, which allows an attacker to inject or manipulate SQL queries.

Technical Description

This vulnerability is exploitable only when the PHP magic_quotes_gpc option is set to off.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

References:

Vendor URL: http://www.mamboserver.com

Vendor Specific Advisory URL