Mambo
Sign in to watchCVEs (26)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2007-0374 | 0.00 | — | 0.00 | Jan 19, 2007 | SQL injection vulnerability in (1) Joomla! 1.0.11 and 1.5 Beta, and (2) Mambo 4.6.1, allows remote attackers to execute arbitrary SQL commands via the id parameter when cancelling content editing. | ||
| CVE-2006-4286 | 0.00 | — | 0.01 | Aug 22, 2006 | PHP remote file inclusion vulnerability in contentpublisher.php in the contentpublisher component (com_contentpublisher) for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this issue has been disputed by third parties who state that contentpublisher.php protects against direct request in the most recent version. The original researcher is known to be frequently inaccurate | ||
| CVE-2006-3263 | 0.00 | — | 0.01 | Jun 27, 2006 | SQL injection vulnerability in the Weblinks module (weblinks.php) in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter. | ||
| CVE-2006-1956 | 0.00 | — | 0.00 | Apr 21, 2006 | The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows remote attackers to obtain sensitive information via an invalid feed parameter, which reveals the path in an error message. | ||
| CVE-2005-3586 | 0.00 | — | 0.00 | Nov 16, 2005 | content.php in Mambo 4.5.2 through 4.5.2.3 allows remote attackers to obtain the installation path of the application via a URL that causes the application to return an error. | ||
| CVE-2005-0512 | 0.00 | — | 0.01 | Feb 21, 2005 | PHP remote file inclusion vulnerability in Tar.php in Mambo 4.5.2 allows remote attackers to execute arbitrary PHP code by modifying the mosConfig_absolute_path parameter to reference a URL on a remote web server that contains the code, a different vulnerability than CVE-2004-1693. |
Page 2 of 2