CVE-2011-2917 | SynScan

Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2011-2917

SQL injection vulnerability in administrator/index2.php in Mambo CMS 4.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the zorder parameter.

Published: Dec 8, 2011
Updated: Apr 13, 2023
CVE: CVE-2011-2917
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
mambo-foundation / mambo	4.6	4.6.x
mambo-foundation / mambo	4.6.2-pre2	4.6.2-pre2.x
mambo-foundation / mambo	4.6.2	4.6.2.x
mambo-foundation / mambo	4.6-rc1	4.6-rc1.x
mambo-foundation / mambo	4.6.2-pre1	4.6.2-pre1.x
mambo-foundation / mambo	4.6.1	4.6.1.x
mambo-foundation / mambo	4.6.4	4.6.4.x
mambo-foundation / mambo	-	4.6.5.x
mambo-foundation / mambo	4.6-rc2	4.6-rc2.x
mambo-foundation / mambo	4.6.3	4.6.3.x