94817 – www-apps/mambo: XSS and SQL injection

Bug 94817 - www-apps/mambo: XSS and SQL injection

Summary: www-apps/mambo: XSS and SQL injection

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Other

Importance:	High trivial (vote)
Assignee:	Gentoo Security

URL:	http://mamboserver.com/
Whiteboard:	~3 [noglsa] jaervosz
Keywords:

Depends on:
Blocks:

Reported:	2005-06-02 06:06 UTC by Thierry Carrez (RETIRED)
Modified:	2005-06-02 07:11 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Thierry Carrez (RETIRED) gentoo-dev

2005-06-02 06:06:23 UTC

From Mambo website and Christophe Garault :

Security Patch for All Mambo 4.5.x Versions :
Under various (and differing) circumstances, multiple vulnerabilities exist that allow an attacker to steal cookie information, initiatiate XSS and SQL injection attacks.

Download the patch to upgrade Mambo to version 4.5.x.2 from mamboforge.net :
http://mamboforge.net/frs/?group_id=5

Comment 1 Aaron Walker (RETIRED) gentoo-dev

2005-06-02 07:08:34 UTC

4.5.2.2 in cvs.

Comment 2 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2005-06-02 07:11:10 UTC

Thx Aaron. Mambo is not stable on any arches -> Closing.