SQL injection vulnerability in administrator/index2.php in Mambo CMS 4.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the zorder parameter.
2011-12-08T19:55:01.110
2025-04-11T00:51:21.963
Deferred
CVSSv2: 7.5 (HIGH)
AV:N/AC:L/Au:N/C:P/I:P/A:P
10.0
6.4
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | mambo-foundation | mambo | ≤ 4.6.5 | Yes |
| Application | mambo-foundation | mambo | 4.6 | Yes |
| Application | mambo-foundation | mambo | 4.6 | Yes |
| Application | mambo-foundation | mambo | 4.6 | Yes |
| Application | mambo-foundation | mambo | 4.6.1 | Yes |
| Application | mambo-foundation | mambo | 4.6.2 | Yes |
| Application | mambo-foundation | mambo | 4.6.2 | Yes |
| Application | mambo-foundation | mambo | 4.6.2 | Yes |
| Application | mambo-foundation | mambo | 4.6.3 | Yes |
| Application | mambo-foundation | mambo | 4.6.4 | Yes |