FreeBSD Ports: Mambo Network Vulnerability

Summary

The remote host is missing an update to the system as announced in the referenced advisory.

Solution

Update your system with the appropriate patches or software upgrades. http://secunia.com/advisories/20745/ http://www.mamboserver.com/?option=com_content&task=view&id=207 http://marc.theaimsgroup.com/?l=bugtraq&m=115056811230529 http://www.vuxml.org/freebsd/f70d09cb-0c46-11db-aac7-000c6ec775d9.html

Insight

The following package is affected: mambo CVE-2006-3262 SQL injection vulnerability in the Weblinks module (weblinks.php) in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter. CVE-2006-3263 SQL injection vulnerability in the Weblinks module (weblinks.php) in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter.

Severity

Classification

CVE CVE-2006-0871, CVE-2006-1794, CVE-2006-3262, CVE-2006-3263

CVSS	Base Score: 7.6 AV:N/AC:H/Au:N/C:C/I:C/A:C

Related Vulnerabilities

FreeBSD Ports: chromium
FreeBSD Ports: cacti
FreeBSD Ports: courier
FreeBSD Ports: corkscrew
FreeBSD Ports: amarok

FreeBSD Ports: mambo

Take action and discover your vulnerabilities