Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2007-4456
Last Modified 05 Sep 2008 05:28:17
Published 21 Aug 2007 05:17:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-4456

Summary

SQL injection vulnerability in index.php in the SimpleFAQ (com_simplefaq) 2.11 component for Mambo allows remote attackers to execute arbitrary SQL commands via the aid parameter. NOTE: it was later reported that 2.40 is also affected, and that the component can be used in Joomla! in addition to Mambo.

Vulnerable Systems

Application

  • Mambo

  • Parkview Consultants Simplefaq 2.11

  • Parkview Consultants Simplefaq 2.40


References

XF - simplefaq-index-sql-injection(36113)

BID - 25376

BUGTRAQ - 20070820 Joomla Component SimpleFAQ V2.11 - Remote SQL Injection

BUGTRAQ - 20070820 Mambo Component SimpleFAQ V2.11 - Remote SQL Injection

MILW0RM - 4296

SREASON - 3041

SECUNIA - 26556


Last Updated: 27 May 2016 10:45:52