SQL injection vulnerability in Mambo before 4.5.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors in cancel edit functions, possibly related to the id parameter.
Vulnerability category: SQL Injection
Exploit prediction scoring system (EPSS) score for CVE-2007-0789
Probability of exploitation activity in the next 30 days: 0.24%
CWE ids for CVE-2007-0789
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.
Assigned by: firstname.lastname@example.org (Primary)