Family: CGI abuses --> Category: attack
Mambo Open Source usercookie Parameter SQL Injection Vulnerability Scan
Vulnerability Scan Summary
Tries to bypass authentication in Mambo Open Source
Detailed Explanation for this Vulnerability Test
The remote web server contains a PHP application that is prone to a
SQL injection attack.
The remote installation of Mambo Open Source fails to sanitize input
to the 'usercookie' cookie array before using it in a database query
to authenticate a user. Provided PHP's 'magic_quotes_gpc' setting is
disabled, an attacker may be able to exploit this issue to manipulate
database queries and, for example, bypass authentication and gain
administrative access to the affected application.
See also :
Unknown at this time.
Medium / CVSS Base Score : 6