Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple SQL injection vulnerabilities in index.php in Mambo before 4.6.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) articleid and (2) mcname parameters. NOTE: some of these details are obtained from third party information.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Mambo Mambo 版本修复多个输入验证漏洞
Vulnerability Description
Mambo(也被称为Joomla)是一款开放源代码的WEB内容管理系统。 Mambo的4.6.4之前版本中存在多个输入验证错误,允许恶意用户执行SQL注入或HTTP响应拆分攻击。 index.php文件中没有正确地过滤对articleid和mcname参数的输入便使用在了SQL查询中,这允许攻击者执行SQL注入攻击,导致检索管理员用户名和口令哈希。成功利用这个漏洞要求禁用了magic_quotes_gpc。
CVSS Information
N/A
Vulnerability Type
N/A