CVE-2006-3262

Published: 27/06/2006 Updated: 18/10/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 760
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

SQL injection vulnerability in the Weblinks module (weblinks.php) in Mambo 4.6rc1 and previous versions allows remote malicious users to execute arbitrary SQL commands via the title parameter.

Vulnerable Product

mambo mambo

Exploits

#!/usr/bin/php -q -d short_open_tag=on
<?
echo "Mambo <= 46rc1 'Weblinks' blind SQL injection / admin credentials\r\n";
echo "disclosure exploit ii (quicker and more effective version, but it floods\r\n";
echo "admin of links submissions)\r\n";
echo "by rgod rgod@autisticiorg\r\n";
echo "site: retrogodaltervistaorg\r\n";
if ($ ...

#!/usr/bin/php -q -d short_open_tag=on
<?
echo "Mambo <= 46rc1 'Weblinks' blind SQL injection / admin credentials\r\n";
echo "disclosure exploit (benchmark() vesion)\r\n";
echo "by rgod rgod@autisticiorg\r\n";
echo "site: retrogodaltervistaorg\r\n";
echo "this is called the Sun-Tzu 'trascendental guru meditation' tecnique\r\n\r\n";
...