Bug 194727 - www-apps/mambo Component Mambads <= 1.5 Remote SQL Injection Vulnerability (CVE-2007-5177)
Status: RESOLVED INVALID
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High minor
Assignee: Gentoo Security
URL:
Whiteboard: B4 [upstream]
Keywords:
Depends on:
Blocks:
 
Reported: 2007-10-04 19:30 UTC by Tobias Heinlein (RETIRED)
Modified: 2007-10-09 07:23 UTC
Description Tobias Heinlein (RETIRED) gentoo-dev 2007-10-04 19:30:12 UTC
CVE-2007-5177 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5177):
  SQL injection vulnerability in index.php in the MambAds (com_mambads) 1.5 and
  earlier component for Mambo allows remote attackers to execute arbitrary SQL
  commands via the caid parameter.
Comment 1 Tobias Heinlein (RETIRED) gentoo-dev 2007-10-04 19:33:42 UTC
Web-apps, do we ship this component (or is it included by default)? Please advise.
Comment 2 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-10-06 13:21:03 UTC
Hmm, I think we don't ship external components, but I'll let web-apps confirm this before closing.
Comment 3 Gunnar Wrobel (RETIRED) gentoo-dev 2007-10-09 04:28:59 UTC
com_mambads is not included. web-apps done here.
Comment 4 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-10-09 07:23:26 UTC
(In reply to comment #3)
> com_mambads is not included. web-apps done here.
> 
ok, so closing.