VYPR

Mambo

by Mambo (software)

CVEs (46)

  • CVE-2007-5362Oct 11, 2007
    risk 0.06cvss epss 0.37

    Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia Lite (com_mosmedia) 4.5.1 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) credits.html.php, (2)…

  • CVE-2008-2905Jun 30, 2008
    risk 0.04cvss epss 0.18

    PHP remote file inclusion vulnerability in includes/Cache/Lite/Output.php in the Cache_Lite package in Mambo 4.6.4 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

  • CVE-2011-2917Dec 8, 2011
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in administrator/index2.php in Mambo CMS 4.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the zorder parameter.

  • CVE-2008-7213Sep 11, 2009
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to inject arbitrary web script or HTML via the Command parameter.

  • CVE-2008-5226Nov 25, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in the MambAds (com_mambads) component 1.0 RC1 Beta and 1.0 RC1 for Mambo allows remote attackers to execute arbitrary SQL commands via the ma_cat parameter in a view action to index.php, a different vector than CVE-2007-5177.

  • CVE-2008-3712Aug 19, 2008
    risk 0.03cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.2 and 4.6.5, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) query string to mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connecto…

  • CVE-2008-0829Feb 19, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in jooget.php in the Joomlapixel Jooget! (com_jooget) 2.6.8 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail task.

  • CVE-2008-0795Feb 15, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in the MGFi XfaQ (com_xfaq) 1.2 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an answer action.

  • CVE-2008-0561Feb 4, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in the Arthur Konze AkoGallery (com_akogallery) 2.5 beta component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.

  • CVE-2008-0562Feb 4, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in the Restaurant (com_restaurant) 1.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.

  • CVE-2008-0517Jan 31, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in the Darko Selesi EstateAgent (com_estateagent) 0.1 component for Mambo 4.5.x and Joomla! allows remote attackers to execute arbitrary SQL commands via the objid parameter in a contact showObject action.

  • CVE-2008-0510Jan 31, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in the Newsletter (com_newsletter) component for Mambo 4.5 and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter.

  • CVE-2007-6455Dec 20, 2007
    risk 0.03cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in index.php in Mambo 4.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Itemid parameter in a com_frontpage option and the (2) option parameter.

  • CVE-2007-5177Oct 3, 2007
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in the MambAds (com_mambads) 1.5 and earlier component for Mambo allows remote attackers to execute arbitrary SQL commands via the caid parameter.

  • CVE-2007-4505Aug 23, 2007
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in the RemoSitory component (com_remository) for Mambo allows remote attackers to execute arbitrary SQL commands via the cat parameter in a selectcat action.

  • CVE-2007-4456Aug 21, 2007
    risk 0.03cvss epss 0.02

    SQL injection vulnerability in index.php in the SimpleFAQ (com_simplefaq) 2.11 component for Mambo allows remote attackers to execute arbitrary SQL commands via the aid parameter. NOTE: it was later reported that 2.40 is also affected, and that the component can be used in…

  • CVE-2006-3980Aug 5, 2006
    risk 0.03cvss epss 0.06

    PHP remote file inclusion vulnerability in administrator/components/com_mgm/help.mgm.php in Mambo Gallery Manager (MGM) 0.95r2 and earlier for Mambo 4.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

  • CVE-2006-3262Jun 27, 2006
    risk 0.03cvss epss 0.02

    SQL injection vulnerability in the Weblinks module (weblinks.php) in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter.

  • CVE-2006-1794Apr 17, 2006
    risk 0.03cvss epss 0.06

    SQL injection vulnerability in Mambo 4.5.3, 4.5.3h, and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via (1) the $username variable in the mosGetParam function and (2) the $task parameter in the mosMenuCheck function in (a)…

  • CVE-2006-0871Feb 24, 2006
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in the _setTemplate function in Mambo 4.5.3, 4.5.3h, and possibly earlier versions allows remote attackers to read and include arbitrary files via the mos_change_template parameter. NOTE: CVE-2006-1794 has been assigned to the SQL injection…

Page 1 of 3