The other sql injection is the same bug described below for Mambo 4.6.1 and Joomla 1.0.11. This has been solved in the SVN version, but the SVN version has another sql injection:

The 'catid' parameter is not checked properly in the "_buildQuery()" function:

File components/com_weblinks/models/category.php, Line 209 :

:: $query = "SELECT *" .
:: "\n FROM #__weblinks" .
** "\n WHERE catid = $this->_id".
:: "\n AND published = 1" .
:: "\n AND archived = 0".
:: "\n ORDER BY $filter_order $filter_order_dir, ordering";

PoC :
http://hacked/index.php?option=com_weblinks&catid=1%20SQLINJECTION

may also want to see bug #162750

Reproducible: Didn't try
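A hardened counterpart of the query quoted in the report, as an added example that is not part of the original report and not the Joomla or Mambo fix. The function name, the list of sortable columns and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example: validate catid before it reaches the WHERE clause.
// build_weblinks_query() and the column whitelist are hypothetical names.

function build_weblinks_query($catid, $order = 'ordering', $dir = 'ASC')
{
    // Accept only a positive integer. A value such as "1 SQLINJECTION"
    // fails validation instead of being interpolated into the query.
    $id = filter_var($catid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('catid must be a positive integer');
    }

    // Column names and sort direction cannot be bound as parameters,
    // so they are matched against fixed lists (assumed column names).
    $allowedOrder = ['title', 'hits', 'ordering'];
    if (!in_array($order, $allowedOrder, true)) {
        $order = 'ordering';
    }
    $dir = strtoupper($dir) === 'DESC' ? 'DESC' : 'ASC';

    return "SELECT *"
        . "\n FROM #__weblinks"
        . "\n WHERE catid = " . $id
        . "\n AND published = 1"
        . "\n AND archived = 0"
        . "\n ORDER BY $order $dir, ordering";
}

// Constructed inputs: a normal id, then the URL-decoded catid value
// from the PoC URL in the report.
foreach (['1', '1 SQLINJECTION'] as $input) {
    try {
        echo build_weblinks_query($input), "\n\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected ', var_export($input, true), ': ', $e->getMessage(), "\n";
    }
}
```

Rejecting the value outright, rather than casting it with (int), means a malformed catid shows up as an error that can be logged instead of silently resolving to category 1.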
web-apps please advise
mambo-4.6.2 has been added to the tree.
Thx Gunnar. Closing with NO GLSA since it is not stable.