Bug 194727

Summary: www-apps/mambo Component Mambads <= 1.5 Remote SQL Injection Vulnerability (CVE-2007-5177)
Product: Gentoo Security
Reporter: Tobias Heinlein (RETIRED) <keytoaster>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED INVALID
Severity: minor
Priority: High
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: B4 [upstream]
Package list:
Runtime testing required: ---

Description Tobias Heinlein (RETIRED) gentoo-dev 2007-10-04 19:30:12 UTC
CVE-2007-5177 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5177):
  SQL injection vulnerability in index.php in the MambAds (com_mambads) 1.5 and
  earlier component for Mambo allows remote attackers to execute arbitrary SQL
  commands via the caid parameter.

Comment 1 Tobias Heinlein (RETIRED) gentoo-dev 2007-10-04 19:33:42 UTC
Web-apps, do we ship this component (or is it included by default)? Please advise.

Comment 2 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-10-06 13:21:03 UTC
Hmm I think we don't ship external components, but I'll let web-apps confirm this before closing.

Comment 3 Gunnar Wrobel (RETIRED) gentoo-dev 2007-10-09 04:28:59 UTC
com_mambads is not included. web-apps done here.

Comment 4 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-10-09 07:23:26 UTC
(In reply to comment #3)
> com_mambads is not included. web-apps done here.
>
ok, so closing.