Vulnerability Details : CVE-2006-1794
SQL injection vulnerability in Mambo 4.5.3, 4.5.3h, and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via (1) the $username variable in the mosGetParam function and (2) the $task parameter in the mosMenuCheck function in (a) includes/mambo.php; and (3) the $filter variable to the showCategory function in the com_content component (content.php).
Vulnerability category: SQL Injection
Exploit prediction scoring system (EPSS) score for CVE-2006-1794
Probability of exploitation activity in the next 30 days: 1.48%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 86 %
CVSS scores for CVE-2006-1794
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.6 | HIGH | AV:N/AC:H/Au:N/C:C/I:C/A:C | 4.9 | 10.0 | NIST |
References for CVE-2006-1794
- http://www.gulftech.org/?node=research&article_id=00104-02242006 (Exploit;Patch)
- http://source.mambo-foundation.org/view/news/Announcements/Security_Patch_Released/
- http://www.vupen.com/english/advisories/2006/0719
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24951
- http://archives.neohapsis.com/archives/bugtraq/2006-02/0463.html (Exploit;Patch;Vendor Advisory)
- http://www.securityfocus.com/bid/16775 (Exploit;Patch)
Products affected by CVE-2006-1794
- cpe:2.3:a:mambo:mambo:*:h:*:*:*:*:*:*
- cpe:2.3:a:mambo:mambo:4.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:mambo:mambo:4.5.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:mambo:mambo:4.5.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:mambo:mambo:4.5.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:mambo:mambo:4.5.3h:*:*:*:*:*:*:*
- cpe:2.3:a:mambo:mambo:4.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:mambo:mambo:4.5.1_1.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:mambo:mambo:4.5.1a:*:*:*:*:*:*:*
- cpe:2.3:a:mambo:mambo:4.5.1a:beta:*:*:*:*:*:*
- cpe:2.3:a:mambo:mambo:4.5_1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:mambo:mambo:4.5_1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mambo:mambo:4.5_1.0.3_beta:beta:*:*:*:*:*:*
- cpe:2.3:a:mambo:mambo:4.5.1a:beta_2:*:*:*:*:*:*
- cpe:2.3:a:mambo:mambo:4.5_1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mambo:mambo:4.5_1.0.3_beta:*:*:*:*:*:*:*