5 matches found
Joomla! and Mambo com_comments Component 0.5.8.5g 'id' Parameter SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/27731/info The Joomla! and Mambo 'com_comments' component is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could...
CVE-2008-0773
The CVE-2008-0773 entry describes a SQL injection in Phil Taylor Comments (com_comments, aka Review Script) for Mambo, affecting version 0.5.8.5g and earlier. The vulnerability allows remote attackers to execute arbitrary SQL commands via the id parameter, due to improper input handling in the af...
mambocom-sql.txt
Mambo SQL Injection com_comments Version Affected: = 0.5.8.5g Author: CheebaHawk215 Home page: http://www.always420forum.com Dork: "Review Script", "Phil Taylor" Vulnerable Code: $ptquery = "SELECT FROM moscontentcomments where articleid=$id AND published=1 order by id DESC"; Exploit:...
Joomla! / Mambo Component com_comments 0.5.8.5g - 'id' SQL Injection
source: https://www.securityfocus.com/bid/27731/info The Joomla! and Mambo 'com_comments' component is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise t...
Joomla! Mambo Component com_comments 0.5.8.5g - id SQL Injection
Joomla! Mambo Component com_comments 0.5.8.5g - id SQL Injection source: https://www.securityfocus.com/bid/27731/info The Joomla! and Mambo 'com_comments' component is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL quer...