First published: Thu Feb 07 2008
SQL injection vulnerability in index.php in the Downloads (com_downloads) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the filecatid parameter in a selectfolder action.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mambo | | |
Joomla! Com Downloads | | |
CVE-2008-0652 has been classified with a medium severity level due to its potential for SQL injection exploits.
To fix CVE-2008-0652, update to the latest version of the Downloads component for either Mambo or Joomla! that addresses this vulnerability.
CVE-2008-0652 affects the Downloads component (com_downloads) in both Mambo and Joomla! applications.
CVE-2008-0652 allows remote attackers to execute arbitrary SQL commands, leading to potential data compromise.
A possible workaround for CVE-2008-0652 is to validate and sanitize input parameters to prevent SQL injection.