FreeBSD : mambo -- multiple SQL injection vulnerabilities (8a5770b4-54b5-11db-a5ae-00508d6a62df)
High Nessus Plugin ID 55439
The remote FreeBSD host is missing a security-related update.
James Bercegay reports:

Mambo is vulnerable to an Authentication Bypass issue that is due to a SQL Injection in the login function. The SQL Injection is possible because the $passwd variable is only sanitized when it is not passed as an argument to the function.

Omid reports:

There are several SQL injections in Mambo 4.6 RC2 & Joomla 1.0.10 (and maybe other versions):

- When a user edits content, the 'id' parameter is not checked properly in /components/com_content/content.php, which can cause 2 SQL injections.
- The 'limit' parameter in the administration section is not checked. This affects many pages of the administration section.
- In the administration section, while editing/creating a user, the 'gid' parameter is not checked properly.
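
The login flaw in the first report, modelled as an added Python example (not Mambo's PHP code and not part of the advisory); the function names, table and sample values are constructed for illustration. A value containing a single quote is escaped on the request path but reaches the SQL text unchanged when passed as an argument, while bound parameters treat both paths the same.

```python
import sqlite3

def make_db():
    """Constructed sample table (in-memory; not Mambo's schema).
    The password is stored in plain text only to keep the sample short."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, passwd TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 'correct horse')")
    return db

def escape(value):
    """Hypothetical stand-in for the application's quote-escaping routine."""
    return value.replace("'", "''")

def login_flawed(db, request, username=None, passwd=None):
    """Escapes only the values it reads from the request itself."""
    if username is None:
        username = escape(request.get("username", ""))
    if passwd is None:
        passwd = escape(request.get("passwd", ""))
    # Caller-supplied arguments reach this string unescaped.
    sql = ("SELECT COUNT(*) FROM users WHERE username = '%s' AND passwd = '%s'"
           % (username, passwd))
    return db.execute(sql).fetchone()[0] > 0

def login_fixed(db, request, username=None, passwd=None):
    """Binds both values as parameters, whichever path supplied them."""
    if username is None:
        username = request.get("username", "")
    if passwd is None:
        passwd = request.get("passwd", "")
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND passwd = ?"
    return db.execute(sql, (username, passwd)).fetchone()[0] > 0

def breaks_query(login, db, request, **kwargs):
    """True when the input changed the SQL text enough to make it invalid."""
    try:
        login(db, request, **kwargs)
        return False
    except sqlite3.OperationalError:
        return True
```

Calling `breaks_query` with the same quote-bearing value on each path shows which entry point lets input alter the statement, which is a quick regression check after patching.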