SQL Injection Weaknesses Found in Mambo, Joomla

Potentially serious security flaws have been found in existing versions of the Mambo and Joomla content management systems, and developers of the two projects are advising users to install upgrades or security patches as soon as possible. Both programs are vulnerable to SQL injection attacks, which allow remote attackers to execute commands on the web server by typing SQL code into form fields. Joomla is a fork of Mambo, with both programs derived from the same code base.

Mambo and Joomla are open source projects that use the PHP scripting language and the MySQL database. These applications are popular with web site owners because they are powerful, user-friendly, and can be installed by users with little or no PHP coding experience. They are also frequently targeted by Internet criminals seeking to crack web servers for use in botnets, phishing scams and distributed denial of service (DDoS) attacks.

Netcraft: SQL Injection Weaknesses Found in Mambo, Joomla

Linked by shanmuga Wednesday, 28th June 2006 3:41AM