CVE-2006-7150

Published: Mar 7, 2007Modified: Apr 23, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Multiple SQL injection vulnerabilities in Mambo 4.6.x allow remote attackers to execute arbitrary SQL commands via the mcname parameter to (1) moscomment.php and (2) com_comment.php.

Affected (4)

Products: Mambo: Mambo Open Source

Mambo

1 product

Mambo Open Source

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Mambo Mambo Open Source	Version 4.6.1
Mambo Mambo Open Source	Version 4.6
Mambo Mambo Open Source	Version 4.6 rc1
Mambo Mambo Open Source	Version 4.6 rc2

References (10)

http://securityreason.com/securityalert/2379

Source: cve@mitre.org

http://www.kapda.ir/advisory-444.html

Source: cve@mitre.org

ExploitVendor Advisory

http://www.securityfocus.com/archive/1/449305/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/20650

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/29707

Source: cve@mitre.org

http://securityreason.com/securityalert/2379