CVE-2006-1794

SQL injection vulnerability in Mambo 4.5.3, 4.5.3h, and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via (1) the $username variable in the mosGetParam function and (2) the $task parameter in the mosMenuCheck function in (a) includes/mambo.php; and (3) the $filter variable to the showCategory function in the com_content component (content.php).

Published: Apr 17, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-1794
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.6
AV:N/AC:H/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
mambo / mambo	4.5_1.0.1	4.5_1.0.1.x
mambo / mambo	4.5.2	4.5.2.x
mambo / mambo	4.5_1.0.3_beta	4.5_1.0.3_beta.x
mambo / mambo	4.5.2.2	4.5.2.2.x
mambo / mambo	4.5.1_1.0.9	4.5.1_1.0.9.x
mambo / mambo	4.5.2.3	4.5.2.3.x
mambo / mambo	4.5_1.0.3_beta-beta	4.5_1.0.3_beta-beta.x
mambo / mambo	4.5.1a-beta	4.5.1a-beta.x
mambo / mambo	4.5_1.0.0	4.5_1.0.0.x
mambo / mambo	4.5.1a	4.5.1a.x
mambo / mambo	4.5.3h	4.5.3h.x
mambo / mambo	4.5.1a-beta_2	4.5.1a-beta_2.x
mambo / mambo	4.5.2.1	4.5.2.1.x
mambo / mambo	4.0.14	4.0.14.x
mambo / mambo	-	4.5.3h.x
mambo / mambo	4.5_1.0.2	4.5_1.0.2.x

Vulnerability Database

289,784

CVE-2006-1794