CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2006-1794

SQL injection vulnerability in Mambo 4.5.3, 4.5.3h, and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via (1) the $username variable in the mosGetParam function and (2) the $task parameter in the mosMenuCheck function in (a) includes/mambo.php; and (3) the $filter variable to the showCategory function in the com_content component (content.php).

Exploit prediction scoring system (EPSS) score

EPSS Score 0.023

EPSS Ranking 84.0%

CVSS Severity

CVSS v2 Score 7.6

References

Products affected by CVE-2006-1794

Mambo » Mambo » Version: Any

cpe:2.3:a:mambo:mambo:*
Mambo » Mambo » Version: 4.0.14

cpe:2.3:a:mambo:mambo:4.0.14
Mambo » Mambo » Version: 4.5.1_1.0.9

cpe:2.3:a:mambo:mambo:4.5.1_1.0.9
Mambo » Mambo » Version: 4.5.1a

cpe:2.3:a:mambo:mambo:4.5.1a
Mambo » Mambo » Version: 4.5.2

cpe:2.3:a:mambo:mambo:4.5.2
Mambo » Mambo » Version: 4.5.2.1

cpe:2.3:a:mambo:mambo:4.5.2.1
Mambo » Mambo » Version: 4.5.2.2

cpe:2.3:a:mambo:mambo:4.5.2.2
Mambo » Mambo » Version: 4.5.2.3

cpe:2.3:a:mambo:mambo:4.5.2.3
Mambo » Mambo » Version: 4.5.3h

cpe:2.3:a:mambo:mambo:4.5.3h
Mambo » Mambo » Version: 4.5_1.0.0

cpe:2.3:a:mambo:mambo:4.5_1.0.0
Mambo » Mambo » Version: 4.5_1.0.1

cpe:2.3:a:mambo:mambo:4.5_1.0.1
Mambo » Mambo » Version: 4.5_1.0.2

cpe:2.3:a:mambo:mambo:4.5_1.0.2
Mambo » Mambo » Version: 4.5_1.0.3_beta

cpe:2.3:a:mambo:mambo:4.5_1.0.3_beta

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2006-1794

Products

Pricing

Contact Us