Security Announcement
Jun 20, 2006 at 03:44 AM
A SQL injection vulnerability has been identified in Mambo versions <= 4.6RC1. This means that the current production version 4.5.4 and the recent versions 4.5.3h, 4.5.3, and 4.5.2.3 are at risk. The quickest way to plug this hole is to open /components/com_weblinks/weblinks.php and add the following two lines at line 250.

Code:

$row->title = $database->getEscaped($row->title);
$row->catid = $database->getEscaped($row->catid);
We recommend you patch this as soon as possible. If you are not comfortable editing the files, you can download the patch and install it by overwriting the original file with the new one contained in the patch package. Download the appropriate patch here in the Downloads section, under "Core Files > Security Updates."
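
An added illustration of the escape-before-query pattern the two lines apply (not Mambo's code and not part of the original announcement). `escape_sketch()` is a hypothetical stand-in for `$database->getEscaped()`, the table and column names are assumptions, and `catid` is assumed to be a numeric id, which is why it is validated as an integer rather than only escaped.

```php
<?php
// Added example, not Mambo code. escape_sketch() is a hypothetical stand-in
// for $database->getEscaped(): it backslash-escapes the characters MySQL
// treats specially inside a quoted string literal.
function escape_sketch(string $value): string
{
    return strtr($value, [
        "\\"   => "\\\\",
        "\0"   => "\\0",
        "\n"   => "\\n",
        "\r"   => "\\r",
        "'"    => "\\'",
        '"'    => '\\"',
        "\x1a" => "\\Z",
    ]);
}

// Hypothetical query builder; the table and column names are assumptions.
function build_insert(string $title, string $catid): string
{
    // String column: escape, then place the result inside quotes.
    $safeTitle = escape_sketch($title);

    // Numeric column (assumed): escaping does not make a value numeric,
    // so reject anything that is not a plain non-negative integer.
    if (!ctype_digit($catid)) {
        throw new InvalidArgumentException('catid must be an integer');
    }
    $safeCatid = (int) $catid;

    return "INSERT INTO example_weblinks (title, catid) "
         . "VALUES ('{$safeTitle}', {$safeCatid})";
}

// Constructed sample input: quotes in the title are escaped.
echo build_insert("Bob's \"favourite\" links", "12"), "\n";

// Constructed sample input: contains no quotes, so escaping alone would
// pass it through unchanged; the integer check rejects it.
try {
    build_insert("Plain title", "7 extra tokens");
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
```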