Date: 08/28/06 (Java Web)
Keywords: sql

Omid has discovered a vulnerability in Mambo & Joomla, which can be exploited by malicious users to conduct SQL injection attacks. Input passed to the “id” parameter when editing content isn’t properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation requires “Editor” [...]

Source: http://blog.taragana.com/index.php/archive/mambo-joomla-sql-injection-vulnerability-discovered/