This script is Copyright (C) 2006-2013 Tenable Network Security, Inc.
The remote FreeBSD host is missing a security-related update.
A Secunia Advisory reports :
Some vulnerabilities have been reported in Mambo, where some have
unknown impacts and others can be exploited by malicious people to
conduct spoofing and SQL injection attacks.
- Input passed to the 'user_rating' parameter when voting isn't
properly sanitised before being used in a SQL query. This can be
exploited to manipulate SQL queries by injecting arbitrary SQL code.
- Some unspecified vulnerabilities in the 'mosDBTable' class and the
'DOMIT' library have an unknown impact.
- An unspecified error in the 'administrator/index3.php' script can be
exploited to spoof session IDs.
See also :
Update the affected package.
Risk factor :
High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.5
Public Exploit Available : true