Description
SQL injection vulnerability in content.php in Mambo 4.5.2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user_rating parameter.
Affected products
- Mambo / mambo4.5.0.2 – 4.5.0.2
- Mambo / mambo4.5.1.3 – 4.5.1.3
- Mambo / mambo4.5.1a – 4.5.1a
- Mambo / mambo4.5.2 – 4.5.2
- Mambo / mambo4.5.2.2 – 4.5.2.2
- Mambo / mambo4.5_1.0.9 – 4.5_1.0.9