[] NeoSense
E X P L O I T S
title author type platform port cve id

Mambo Open Source 4.5 - 'index.php' SQL Injection

Author: JeiAr
type: webapps
platform: php
port: 
date_added: 2004-03-16 
date_updated: 2013-01-02 
verified: 1 
codes: CVE-2004-1826;OSVDB-4307 
tags: 
aliases:  
screenshot_url:  
application_url: 
source: https://www.securityfocus.com/bid/9891/info

It has been reported that the Mambo 'index.php' script is prone to an SQL injection vulnerability. This issue is due to a failure of the application to properly validate user supplied URI input.

As a result of this a malicious user may influence database queries in order to view or modify sensitive information, potentially compromising the software or the database. It may be possible for an attacker to disclose the administrator password hash by exploiting this issue.

http://www.example.com/index.php?option=content&task=view&id=[SQL]&Itemid=[VID]
http://www.example.com/index.php?option=content&task=category&sectionid=[VID]&id=[SQL]&Itemid=[VID]
http://www.example.com/index.php?option=content&task=category&sectionid=[VID]&id=[SQL]&Itemid=[VID]
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.