Security Announcement
Jun 20, 2006 at 03:44 AM

An SQL injection vulnerability has been identified in Mambo versions <= 4.6RC1, meaning that the current production version 4.5.4, as well as recent versions 4.5.3h, 4.5.3, and 4.5.2.3, are at risk.

The quickest way to plug this hole is to open /components/com_weblinks/weblinks.php and add the following two lines at line 250.

Code:
    $row->title = $database->getEscaped($row->title);
    $row->catid = $database->getEscaped($row->catid);

We recommend you patch this as soon as possible. For those not comfortable with editing the files, you can download the patch and install it by overwriting the original file with the new one contained in the patch package. Download the appropriate patch here in the Downloads section, under "Core Files > Security Updates."
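One way to confirm the manual fix is in place across one or more installs, as an added example that is not part of the original announcement or Mambo's own code: it looks for the two getEscaped() lines in every components/com_weblinks/weblinks.php under a directory and ignores commented-out copies. It assumes the fix was applied as the two lines shown above (a file replaced from the patch package may be fixed differently), and the sample strings and function names are constructed for illustration.

```python
import re
from pathlib import Path

# Relative path of the file named in the announcement.
TARGET = Path("components/com_weblinks/weblinks.php")
FIELDS = ("title", "catid")  # the two fields the announcement escapes


def missing_escapes(php_source: str) -> list[str]:
    """Return the fields that lack the getEscaped() line from the announcement."""
    # Drop /* ... */ blocks, then lines starting with // or #, so a
    # commented-out copy of the fix does not count as applied.
    code = re.sub(r"/\*.*?\*/", "", php_source, flags=re.S)
    code = re.sub(r"^\s*(//|#).*$", "", code, flags=re.M)
    missing = []
    for field in FIELDS:
        # Tolerate whitespace differences around ->, = and the parentheses.
        pattern = (r"\$row\s*->\s*%s\s*=\s*\$database\s*->\s*getEscaped\s*"
                   r"\(\s*\$row\s*->\s*%s\s*\)\s*;" % (field, field))
        if not re.search(pattern, code):
            missing.append(field)
    return missing


def audit(webroot: str) -> dict[str, list[str]]:
    """Map each com_weblinks/weblinks.php under webroot to its missing fields."""
    results = {}
    for path in Path(webroot).rglob(TARGET.name):
        if path.as_posix().endswith(TARGET.as_posix()):
            results[str(path)] = missing_escapes(path.read_text(errors="replace"))
    return results


# Constructed samples (not Mambo source): one unpatched, one patched.
UNPATCHED = ("<?php\n// $row->title = $database->getEscaped($row->title);\n"
             "$row->check();\n")
PATCHED = ("<?php\n$row->title = $database->getEscaped( $row->title );\n"
           "$row->catid = $database->getEscaped($row->catid);\n$row->check();\n")

if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for file, missing in audit(root).items():
        print(file, "OK" if not missing else "MISSING: " + ", ".join(missing))
```

Run it with the web root as its argument; any file reported as MISSING still needs the edit or the patch package.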
