VYPR

Mambo

by Mambo (software)

CVEs (46)

  • CVE-2006-3263Jun 27, 2006
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in the Weblinks module (weblinks.php) in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter.

  • CVE-2006-1956Apr 21, 2006
    risk 0.00cvss epss 0.01

    The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows remote attackers to obtain sensitive information via an invalid feed parameter, which reveals the path in an error message.

  • CVE-2006-1957Apr 21, 2006
    risk 0.00cvss epss 0.02

    The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows remote attackers to cause a denial of service (disk consumption and possibly web-server outage) via multiple requests with different values of the feed parameter.

  • CVE-2005-4156Dec 11, 2005
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in Mambo 4.5 (1.0.0) through 4.5 (1.0.9), with magic_quotes_gpc disabled, allows remote attackers to read arbitrary files and possibly cause a denial of service via a query string that ends with a NULL character.

  • CVE-2005-3586Nov 16, 2005
    risk 0.00cvss epss 0.01

    content.php in Mambo 4.5.2 through 4.5.2.3 allows remote attackers to obtain the installation path of the application via a URL that causes the application to return an error.

  • CVE-2005-0512Feb 21, 2005
    risk 0.00cvss epss 0.01

    PHP remote file inclusion vulnerability in Tar.php in Mambo 4.5.2 allows remote attackers to execute arbitrary PHP code by modifying the mosConfig_absolute_path parameter to reference a URL on a remote web server that contains the code, a different vulnerability than…

Page 3 of 3