CMS
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2011-2917 | 0.03 | — | 0.01 | Dec 8, 2011 | SQL injection vulnerability in administrator/index2.php in Mambo CMS 4.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the zorder parameter. | |||
| CVE-2013-2565 | 0.00 | — | 0.02 | Feb 15, 2019 | A vulnerability in Mambo CMS v4.6.5 where the scripts thumbs.php, editorFrame.php, editor.php, images.php, manager.php discloses the root path of the webserver. | |||
| CVE-2013-2564 | 0.00 | — | 0.02 | Jun 9, 2014 | Mambo CMS 4.6.5 allows remote attackers to cause a denial of service (memory and bandwidth consumption) by uploading a crafted file. | |||
| CVE-2013-2563 | 0.00 | — | 0.00 | Jun 9, 2014 | Mambo CMS 4.6.5 uses world-readable permissions on configuration.php, which allows local users to obtain the admin password hash by reading the file. | |||
| CVE-2013-2562 | 0.00 | — | 0.00 | Jun 9, 2014 | Mambo CMS 4.6.5 stores the MySQL database password in cleartext in the document root, which allows local users to obtain sensitive information via unspecified vectors. | |||
| CVE-2007-4203 | 0.00 | — | 0.02 | Aug 8, 2007 | Session fixation vulnerability in Mambo 4.6.2 CMS allows remote attackers to hijack web sessions by setting the Cookie parameter. |
- CVE-2011-2917Dec 8, 2011risk 0.03cvss —epss 0.01
SQL injection vulnerability in administrator/index2.php in Mambo CMS 4.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the zorder parameter.
- CVE-2013-2565Feb 15, 2019risk 0.00cvss —epss 0.02
A vulnerability in Mambo CMS v4.6.5 where the scripts thumbs.php, editorFrame.php, editor.php, images.php, manager.php discloses the root path of the webserver.
- CVE-2013-2564Jun 9, 2014risk 0.00cvss —epss 0.02
Mambo CMS 4.6.5 allows remote attackers to cause a denial of service (memory and bandwidth consumption) by uploading a crafted file.
- CVE-2013-2563Jun 9, 2014risk 0.00cvss —epss 0.00
Mambo CMS 4.6.5 uses world-readable permissions on configuration.php, which allows local users to obtain the admin password hash by reading the file.
- CVE-2013-2562Jun 9, 2014risk 0.00cvss —epss 0.00
Mambo CMS 4.6.5 stores the MySQL database password in cleartext in the document root, which allows local users to obtain sensitive information via unspecified vectors.
- CVE-2007-4203Aug 8, 2007risk 0.00cvss —epss 0.02
Session fixation vulnerability in Mambo 4.6.2 CMS allows remote attackers to hijack web sessions by setting the Cookie parameter.