Mambo
CVEs (46)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2007-5362 | 0.06 | — | 0.37 | Oct 11, 2007 | Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia Lite (com_mosmedia) 4.5.1 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) credits.html.php, (2)… | |||
| CVE-2008-2905 | 0.04 | — | 0.18 | Jun 30, 2008 | PHP remote file inclusion vulnerability in includes/Cache/Lite/Output.php in the Cache_Lite package in Mambo 4.6.4 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||
| CVE-2011-2917 | 0.03 | — | 0.01 | Dec 8, 2011 | SQL injection vulnerability in administrator/index2.php in Mambo CMS 4.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the zorder parameter. | |||
| CVE-2008-7213 | 0.03 | — | 0.02 | Sep 11, 2009 | Cross-site scripting (XSS) vulnerability in mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to inject arbitrary web script or HTML via the Command parameter. | |||
| CVE-2008-5226 | 0.03 | — | 0.01 | Nov 25, 2008 | SQL injection vulnerability in the MambAds (com_mambads) component 1.0 RC1 Beta and 1.0 RC1 for Mambo allows remote attackers to execute arbitrary SQL commands via the ma_cat parameter in a view action to index.php, a different vector than CVE-2007-5177. | |||
| CVE-2008-3712 | 0.03 | — | 0.02 | Aug 19, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.2 and 4.6.5, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) query string to mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connecto… | |||
| CVE-2008-0829 | 0.03 | — | 0.01 | Feb 19, 2008 | SQL injection vulnerability in jooget.php in the Joomlapixel Jooget! (com_jooget) 2.6.8 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail task. | |||
| CVE-2008-0795 | 0.03 | — | 0.01 | Feb 15, 2008 | SQL injection vulnerability in index.php in the MGFi XfaQ (com_xfaq) 1.2 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an answer action. | |||
| CVE-2008-0561 | 0.03 | — | 0.01 | Feb 4, 2008 | SQL injection vulnerability in index.php in the Arthur Konze AkoGallery (com_akogallery) 2.5 beta component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action. | |||
| CVE-2008-0562 | 0.03 | — | 0.01 | Feb 4, 2008 | SQL injection vulnerability in index.php in the Restaurant (com_restaurant) 1.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action. | |||
| CVE-2008-0517 | 0.03 | — | 0.01 | Jan 31, 2008 | SQL injection vulnerability in index.php in the Darko Selesi EstateAgent (com_estateagent) 0.1 component for Mambo 4.5.x and Joomla! allows remote attackers to execute arbitrary SQL commands via the objid parameter in a contact showObject action. | |||
| CVE-2008-0510 | 0.03 | — | 0.01 | Jan 31, 2008 | SQL injection vulnerability in index.php in the Newsletter (com_newsletter) component for Mambo 4.5 and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter. | |||
| CVE-2007-6455 | 0.03 | — | 0.01 | Dec 20, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in index.php in Mambo 4.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Itemid parameter in a com_frontpage option and the (2) option parameter. | |||
| CVE-2007-5177 | 0.03 | — | 0.01 | Oct 3, 2007 | SQL injection vulnerability in index.php in the MambAds (com_mambads) 1.5 and earlier component for Mambo allows remote attackers to execute arbitrary SQL commands via the caid parameter. | |||
| CVE-2007-4505 | 0.03 | — | 0.01 | Aug 23, 2007 | SQL injection vulnerability in index.php in the RemoSitory component (com_remository) for Mambo allows remote attackers to execute arbitrary SQL commands via the cat parameter in a selectcat action. | |||
| CVE-2007-4456 | 0.03 | — | 0.02 | Aug 21, 2007 | SQL injection vulnerability in index.php in the SimpleFAQ (com_simplefaq) 2.11 component for Mambo allows remote attackers to execute arbitrary SQL commands via the aid parameter. NOTE: it was later reported that 2.40 is also affected, and that the component can be used in… | |||
| CVE-2006-3980 | 0.03 | — | 0.06 | Aug 5, 2006 | PHP remote file inclusion vulnerability in administrator/components/com_mgm/help.mgm.php in Mambo Gallery Manager (MGM) 0.95r2 and earlier for Mambo 4.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||
| CVE-2006-3262 | 0.03 | — | 0.02 | Jun 27, 2006 | SQL injection vulnerability in the Weblinks module (weblinks.php) in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter. | |||
| CVE-2006-1794 | 0.03 | — | 0.06 | Apr 17, 2006 | SQL injection vulnerability in Mambo 4.5.3, 4.5.3h, and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via (1) the $username variable in the mosGetParam function and (2) the $task parameter in the mosMenuCheck function in (a)… | |||
| CVE-2006-0871 | 0.03 | — | 0.02 | Feb 24, 2006 | Directory traversal vulnerability in the _setTemplate function in Mambo 4.5.3, 4.5.3h, and possibly earlier versions allows remote attackers to read and include arbitrary files via the mos_change_template parameter. NOTE: CVE-2006-1794 has been assigned to the SQL injection… |
- CVE-2007-5362Oct 11, 2007risk 0.06cvss —epss 0.37
Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia Lite (com_mosmedia) 4.5.1 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) credits.html.php, (2)…
- CVE-2008-2905Jun 30, 2008risk 0.04cvss —epss 0.18
PHP remote file inclusion vulnerability in includes/Cache/Lite/Output.php in the Cache_Lite package in Mambo 4.6.4 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
- CVE-2011-2917Dec 8, 2011risk 0.03cvss —epss 0.01
SQL injection vulnerability in administrator/index2.php in Mambo CMS 4.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the zorder parameter.
- CVE-2008-7213Sep 11, 2009risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to inject arbitrary web script or HTML via the Command parameter.
- CVE-2008-5226Nov 25, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in the MambAds (com_mambads) component 1.0 RC1 Beta and 1.0 RC1 for Mambo allows remote attackers to execute arbitrary SQL commands via the ma_cat parameter in a view action to index.php, a different vector than CVE-2007-5177.
- CVE-2008-3712Aug 19, 2008risk 0.03cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.2 and 4.6.5, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) query string to mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connecto…
- CVE-2008-0829Feb 19, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in jooget.php in the Joomlapixel Jooget! (com_jooget) 2.6.8 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail task.
- CVE-2008-0795Feb 15, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in the MGFi XfaQ (com_xfaq) 1.2 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an answer action.
- CVE-2008-0561Feb 4, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in the Arthur Konze AkoGallery (com_akogallery) 2.5 beta component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.
- CVE-2008-0562Feb 4, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in the Restaurant (com_restaurant) 1.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.
- CVE-2008-0517Jan 31, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in the Darko Selesi EstateAgent (com_estateagent) 0.1 component for Mambo 4.5.x and Joomla! allows remote attackers to execute arbitrary SQL commands via the objid parameter in a contact showObject action.
- CVE-2008-0510Jan 31, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in the Newsletter (com_newsletter) component for Mambo 4.5 and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter.
- CVE-2007-6455Dec 20, 2007risk 0.03cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Mambo 4.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Itemid parameter in a com_frontpage option and the (2) option parameter.
- CVE-2007-5177Oct 3, 2007risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in the MambAds (com_mambads) 1.5 and earlier component for Mambo allows remote attackers to execute arbitrary SQL commands via the caid parameter.
- CVE-2007-4505Aug 23, 2007risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in the RemoSitory component (com_remository) for Mambo allows remote attackers to execute arbitrary SQL commands via the cat parameter in a selectcat action.
- CVE-2007-4456Aug 21, 2007risk 0.03cvss —epss 0.02
SQL injection vulnerability in index.php in the SimpleFAQ (com_simplefaq) 2.11 component for Mambo allows remote attackers to execute arbitrary SQL commands via the aid parameter. NOTE: it was later reported that 2.40 is also affected, and that the component can be used in…
- CVE-2006-3980Aug 5, 2006risk 0.03cvss —epss 0.06
PHP remote file inclusion vulnerability in administrator/components/com_mgm/help.mgm.php in Mambo Gallery Manager (MGM) 0.95r2 and earlier for Mambo 4.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
- CVE-2006-3262Jun 27, 2006risk 0.03cvss —epss 0.02
SQL injection vulnerability in the Weblinks module (weblinks.php) in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter.
- CVE-2006-1794Apr 17, 2006risk 0.03cvss —epss 0.06
SQL injection vulnerability in Mambo 4.5.3, 4.5.3h, and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via (1) the $username variable in the mosGetParam function and (2) the $task parameter in the mosMenuCheck function in (a)…
- CVE-2006-0871Feb 24, 2006risk 0.03cvss —epss 0.02
Directory traversal vulnerability in the _setTemplate function in Mambo 4.5.3, 4.5.3h, and possibly earlier versions allows remote attackers to read and include arbitrary files via the mos_change_template parameter. NOTE: CVE-2006-1794 has been assigned to the SQL injection…
Page 1 of 3