FreeBSD : mambo -- multiple vulnerabilities (0bf9d7fb-05b3-11da-bc08-0001020eed82)
High Nessus Plugin ID 21385
Synopsis
The remote FreeBSD host is missing a security-related update.
Description
A Secunia Advisory reports:
Some vulnerabilities have been reported in Mambo, where some have unknown impacts and others can be exploited by malicious people to conduct spoofing and SQL injection attacks.
- Input passed to the 'user_rating' parameter when voting isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
- Some unspecified vulnerabilities in the 'mosDBTable' class and the 'DOMIT' library have an unknown impact.
- An unspecified error in the 'administrator/index3.php' script can be exploited to spoof session IDs.
Solution
Update the affected package.