162754 – www-apps/mambo SQL Injection Vulnerabilities

Bug 162754 - www-apps/mambo SQL Injection Vulnerabilities

Summary: www-apps/mambo SQL Injection Vulnerabilities

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High trivial (vote)
Assignee:	Gentoo Security

URL:	http://archives.neohapsis.com/archive...
Whiteboard:	~3 [noglsa]
Keywords:

Depends on:
Blocks:

Reported:	2007-01-19 07:25 UTC by Executioner
Modified:	2007-05-18 06:38 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Executioner 2007-01-19 07:25:53 UTC

The other sql injection, is the same bug described bellow for Mambo 4.6.1 and
Joomla 1.0.11 . This has been solved in SVN version, but the SVN version has
another sql injection :
The 'catid' parameter is not checked properly in "_buildQuery()" function :

File components/com_weblinks/models/category.php, Line 209 :
:: $query = "SELECT *" .
:: "\n FROM #__weblinks" .
** "\n WHERE catid = $this->_id".
:: "\n AND published = 1" .
:: "\n AND archived = 0".
:: "\n ORDER BY $filter_order $filter_order_dir, ordering";

PoC : http://hacked/index.php?option=com_weblinks&catid=1%20SQLINJECTION 

may also want to see bug #162750

Reproducible: Didn't try

Comment 1 Raphael Marichez (Falco) (RETIRED) gentoo-dev

2007-02-10 19:46:08 UTC

web-apps please advise

Comment 2 Gunnar Wrobel (RETIRED) gentoo-dev

2007-05-16 15:22:41 UTC

mambo-4.6.2 has been added to the tree.

Comment 3 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2007-05-18 06:38:48 UTC

Thx Gunnar.

Closing with NO GLSA since it is not stable.