
SANS ISC: New Mambo, Joomla releases fix security vulnerabilities - SANS Internet Storm Center


New Mambo, Joomla releases fix security vulnerabilities
Various security vulnerabilities have been identified in two of the most popular open source CMS (Content Management System) packages.

All versions of Mambo prior to 4.6RC1 are vulnerable to a SQL injection attack in the weblinks.php file. You can patch this manually, as only two variables need to be escaped, or you can download patches from the Mambo web site, http://www.mamboserver.com.
We've also received reports that some vulnerabilities in previous versions of Mambo (older than 4.5.3) are being actively exploited, so be sure that you are running the latest version, with the security patch installed. If we get more information about attacks we'll post an update.

The new release of Joomla, 1.0.10, also fixes a couple of security vulnerabilities. Joomla is also vulnerable to SQL injection attacks, of which 3 rated critical were fixed in the latest release. As the latest version fixes other security vulnerabilities and numerous bugs, users are urged to upgrade. You can find more information on the Joomla web site, http://www.joomla.org.
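For anyone patching by hand, the following added example (not Mambo or Joomla code; the table, column and parameter names are constructed for illustration) shows a check worth running afterwards. It goes slightly beyond the two-variable case above by showing that string escaping alone does not protect a value used in an unquoted numeric position, which needs integer validation or a bound parameter.

```php
<?php
// Added example: constructed schema, data and parameter names (not Mambo or Joomla code).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE links (id INTEGER, catid INTEGER, title TEXT, published INTEGER)");
$pdo->exec("INSERT INTO links VALUES (1, 10, 'Public link', 1),
            (2, 10, 'Unpublished link', 0), (3, 20, 'Other category', 1)");

// Stand-in for a database layer's string-escaping helper (assumption).
function esc($v) { return str_replace("'", "''", (string)$v); }

// BEFORE: both request values are concatenated into the SQL text.
function titles_vulnerable(PDO $pdo, $catid, $title) {
    $sql = "SELECT title FROM links WHERE published = 1"
         . " AND catid = $catid AND title LIKE '%$title%'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// INCOMPLETE FIX: both values are escaped, but $catid is not inside quotes,
// so escaping quote characters changes nothing about how it is parsed.
function titles_escaped_only(PDO $pdo, $catid, $title) {
    return titles_vulnerable($pdo, esc($catid), esc($title));
}

// FIX: validate the numeric value as an integer and bind both values,
// so neither one is ever parsed as SQL.
function titles_fixed(PDO $pdo, $catid, $title) {
    if (filter_var($catid, FILTER_VALIDATE_INT) === false) {
        return [];  // reject non-integer ids outright
    }
    $stmt = $pdo->prepare("SELECT title FROM links WHERE published = 1"
                        . " AND catid = ? AND title LIKE ?");
    $stmt->execute([(int)$catid, '%' . $title . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed test input containing no quote characters.
$probe = '10 OR 1=1';
foreach (['titles_vulnerable', 'titles_escaped_only', 'titles_fixed'] as $fn) {
    printf("%-20s bad id: %d row(s), id 10: %d row(s)\n",
           $fn, count($fn($pdo, $probe, '')), count($fn($pdo, '10', '')));
}
```

A patched handler should return the same rows for a legitimate id as before and nothing extra for the malformed one; if the row count grows with the malformed id, the numeric variable is still being concatenated.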


Bojan

