FreeBSD : mambo -- SQL injection vulnerabilities (f70d09cb-0c46-11db-aac7-000c6ec775d9)

This script is Copyright (C) 2006-2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

The Team Mambo reports that two SQL injection vulnerabilities have
been found in Mambo. The vulnerabilities exists due to missing
sanitation of the title and catid parameters in the weblinks.php page
and can lead to execution of arbitrary SQL code.

See also :

http://marc.info/?l=bugtraq&m=115056811230529
http://www.mamboserver.com/?option=com_content&task=view&id=207
http://www.gulftech.org/?node=research&article_id=00104-02242006
http://www.nessus.org/u?4531f798

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 7.6
(CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.6
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 22041 (freebsd_pkg_f70d09cb0c4611dbaac7000c6ec775d9.nasl)

Bugtraq ID: 16775

CVE ID: CVE-2006-0871
CVE-2006-1794
CVE-2006-3262
CVE-2006-3263

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now