Unrated severityNVD Advisory· Published Dec 8, 2011· Updated Apr 29, 2026

CVE-2011-2917

Description

SQL injection vulnerability in administrator/index2.php in Mambo CMS 4.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the zorder parameter.

Affected products

Mambo Foundation/Mambo10 versions
cpe:2.3:a:mambo-foundation:mambo:*:*:*:*:*:*:*:*+ 9 more
- cpe:2.3:a:mambo-foundation:mambo:*:*:*:*:*:*:*:*range: <=4.6.5
- cpe:2.3:a:mambo-foundation:mambo:4.6:*:*:*:*:*:*:*
- cpe:2.3:a:mambo-foundation:mambo:4.6:rc1:*:*:*:*:*:*
- cpe:2.3:a:mambo-foundation:mambo:4.6:rc2:*:*:*:*:*:*
- cpe:2.3:a:mambo-foundation:mambo:4.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:mambo-foundation:mambo:4.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:mambo-foundation:mambo:4.6.2:pre1:*:*:*:*:*:*
- cpe:2.3:a:mambo-foundation:mambo:4.6.2:pre2:*:*:*:*:*:*
- cpe:2.3:a:mambo-foundation:mambo:4.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:mambo-foundation:mambo:4.6.4:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.exploit-db.com/exploits/18110nvdExploit
www.openwall.com/lists/oss-security/2011/08/12/6nvdExploit
www.osvdb.org/74502nvdExploit
www.securityfocus.com/bid/49130nvdExploit
yehg.net/lab/pr0js/advisories/%5Bmambo4.6_x%5D_sql_injectionnvdExploit

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000