FreeBSD : mambo -- SQL injection vulnerabilities (f70d09cb-0c46-11db-aac7-000c6ec775d9)

High Nessus Plugin ID 22041


The remote FreeBSD host is missing a security-related update.


The Team Mambo reports that two SQL injection vulnerabilities have been found in Mambo. The vulnerabilities exist due to missing sanitization of the title and catid parameters in the weblinks.php page and can lead to execution of arbitrary SQL code.


Update the affected package.

Plugin Details

Severity: High

ID: 22041

File Name: freebsd_pkg_f70d09cb0c4611dbaac7000c6ec775d9.nasl

Version: $Revision: 1.15 $

Type: local

Published: 2006/07/13

Modified: 2016/05/05

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.6

Temporal Score: 6.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:mambo, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2006/07/05

Vulnerability Publication Date: 2006/06/19

Reference Information

CVE: CVE-2006-0871, CVE-2006-1794, CVE-2006-3262, CVE-2006-3263

BID: 16775

Secunia: 18935, 20745