CVE-2011-2917

Published Dec 8, 2011

Last updated 13 years ago

CVSS info 7.5

Overview

Description: SQL injection vulnerability in administrator/index2.php in Mambo CMS 4.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the zorder parameter.
Source: secalert@redhat.com
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-89

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mambo-foundation:mambo:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1CA3756B-1160-4E9D-B19B-0C1C1D8FE20C",
            "versionEndIncluding": "4.6.5"
          },
          {
            "criteria": "cpe:2.3:a:mambo-foundation:mambo:4.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5FFE59D0-EEA1-475F-8A20-BC92E73EE1AA"
          },
          {
            "criteria": "cpe:2.3:a:mambo-foundation:mambo:4.6:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "97519D68-A5DA-40FF-98D2-0300B72F0473"
          },
          {
            "criteria": "cpe:2.3:a:mambo-foundation:mambo:4.6:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BF3EE73B-D256-4D3C-A10A-E463AEC21C2D"
          },
          {
            "criteria": "cpe:2.3:a:mambo-foundation:mambo:4.6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E714DF45-E581-4775-B6C2-73FBAED378FE"
          },
          {
            "criteria": "cpe:2.3:a:mambo-foundation:mambo:4.6.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "97BAB160-6BB4-4535-BA60-B25303793FBD"
          },
          {
            "criteria": "cpe:2.3:a:mambo-foundation:mambo:4.6.2:pre1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D846FC2E-AC9C-454B-9216-52AA3D941F3D"
          },
          {
            "criteria": "cpe:2.3:a:mambo-foundation:mambo:4.6.2:pre2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "51953983-F2AF-4AE9-BE57-82D8ECBB38C0"
          },
          {
            "criteria": "cpe:2.3:a:mambo-foundation:mambo:4.6.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E11D5F35-01BF-4D42-9BA3-F157DCA6A53F"
          },
          {
            "criteria": "cpe:2.3:a:mambo-foundation:mambo:4.6.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2EC22D94-288F-41CC-B9E3-94F1677FCDA6"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References