Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2011-2917
Last Modified 09 Dec 2011 12:00:00
Published 08 Dec 2011 02:55:01
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-2917

Summary

SQL injection vulnerability in administrator/index2.php in Mambo CMS 4.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the zorder parameter.

Vulnerable Systems

Application

  • Mambo-foundation Mambo 4.6

  • Mambo-foundation Mambo 4.6.1

  • Mambo-foundation Mambo 4.6.2

  • Mambo-foundation Mambo 4.6.3

  • Mambo-foundation Mambo 4.6.4

  • Mambo-foundation Mambo 4.6.5


References

MISC - http://yehg.net/lab/pr0js/advisories/%5Bmambo4.6_x%5D_sql_injection

BID - 49130

OSVDB - 74502

MLIST - [oss-security] 20110812 Re: CVE Request: Mambo CMS 4.6.x (4.6.5) | SQL Injection

EXPLOIT-DB - 18110


Last Updated: 27 May 2016 10:57:50