SQL injection vulnerability in content.php in Mambo 4.5.2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user_rating parameter.
http://www.securityfocus.com/bid/13966
http://securitytracker.com/id?1014222
http://secunia.com/advisories/15710