Various security vulnerabilities have been identified in two of the most popular open source CMS (Content Management System) packages.
All versions of Mambo prior to 4.6RC1 are vulnerable to a SQL injection attack in the weblinks.php file. You can patch this manually, as only two variables need to be escaped, or you can download patches from the Mambo web site, http://www.mamboserver.com.
We've also received reports that some vulnerabilities in previous versions of Mambo (older than 4.5.3) are being actively exploited, so be sure that you are running the latest version, with the security patch installed. If we get more information about attacks we'll post an update.
The new release of Joomla, 1.0.10, also fixes a couple of security vulnerabilities. Joomla is also vulnerable to SQL injection attacks, of which 3 rated critical were fixed in the latest release. As the latest version fixes other security vulnerabilities and numerous bugs, users are urged to upgrade. You can find more information on the Joomla web site, http://www.joomla.org.
Jun 27th 2006