Mambo 4.6.5 Cross Site Request Forgery / SQL Injection

Affected software: Mambo Type of vulnerability: csrf to sql injection URL: http://source.mambo-foundation.org/ Discovered by: Provensec Website: http://www.provensec.com version 4.6.5 Proof of concept no csrf token were used on sql query form so attacker can leverage csrf to execute sql query on...