CVE-2007-0374 Information

Description

SQL injection vulnerability in (1) Joomla! 1.0.11 and 1.5 Beta and (2) Mambo 4.6.1 allows remote attackers to execute arbitrary SQL commands via the id parameter when cancelling content editing.

Reference

http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html http://osvdb.org/32520 http://www.hackers.ir/advisories/festival.txt http://www.securityfocus.com/archive/1/459203/100/0/threaded http://www.securityfocus.com/bid/19734