Mambo (software)
Mambo was a free software/open source content management system (CMS) for creating and managing websites through a simple web interface. Its last release was in 2008, by which time all of the developers had left for forks of the project, mainly Joomla and MiaCMS.
Products
145- 46 CVEs
- 9 CVEs
- 8 CVEs
- 6 CVEs
- 4 CVEs
- 3 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- View all 145 products →
Recent CVEs
177| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2006-4264 | Cri | 0.64 | 9.8 | 0.02 | Aug 21, 2006 | Multiple PHP remote file inclusion vulnerabilities in the lmtg_myhomepage Component (com_lmtg_myhomepage) for Mambo allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) install.lmtg_homepage.php and (2) mtg_homepage.php. … | ||
| CVE-2007-5362 | 0.06 | — | 0.37 | Oct 11, 2007 | Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia Lite (com_mosmedia) 4.5.1 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) credits.html.php, (2)… | |||
| CVE-2008-2905 | 0.04 | — | 0.18 | Jun 30, 2008 | PHP remote file inclusion vulnerability in includes/Cache/Lite/Output.php in the Cache_Lite package in Mambo 4.6.4 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||
| CVE-2007-2043 | 0.04 | — | 0.07 | Apr 16, 2007 | Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia (com_mosmedia) 1.08 and earlier module for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) media.tab.php or… | |||
| CVE-2007-2005 | 0.04 | — | 0.07 | Apr 12, 2007 | Multiple PHP remote file inclusion vulnerabilities in the Taskhopper 1.1 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) contact_type.php, (2) itemstatus_type.php, (3)… | |||
| CVE-2007-1699 | 0.04 | — | 0.11 | Mar 27, 2007 | Multiple PHP remote file inclusion vulnerabilities in the SWmenu (com_swmenupro and com_swmenufree) 4.0 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to… | |||
| CVE-2007-1596 | 0.04 | — | 0.08 | Mar 22, 2007 | Multiple PHP remote file inclusion vulnerabilities in the NFN Address Book (com_nfn_addressbook) 0.4 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1)… | |||
| CVE-2006-3340 | 0.04 | — | 0.15 | Jul 3, 2006 | Multiple PHP remote file inclusion vulnerabilities in Pearl For Mambo module 1.6 for Mambo, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via the (1) phpbb_root_path parameter in (a) includes/functions_cms.php and the (2)… | |||
| CVE-2006-7247 | 0.03 | — | 0.01 | Sep 6, 2012 | SQL injection vulnerability in the Weblinks (com_weblinks) component for Joomla! and Mambo 1.0.9 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter. | |||
| CVE-2011-2917 | 0.03 | — | 0.01 | Dec 8, 2011 | SQL injection vulnerability in administrator/index2.php in Mambo CMS 4.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the zorder parameter. | |||
| CVE-2009-4578 | 0.03 | — | 0.01 | Jan 6, 2010 | Cross-site scripting (XSS) vulnerability in the Facileforms (com_facileforms) component for Joomla! and Mambo allows remote attackers to inject arbitrary web script or HTML via the Itemid parameter to index.php. | |||
| CVE-2009-4474 | 0.03 | — | 0.01 | Dec 30, 2009 | SQL injection vulnerability in the Mike de Boer zoom (com_zoom) component 2.0 for Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. | |||
| CVE-2009-4199 | 0.03 | — | 0.01 | Dec 4, 2009 | Multiple SQL injection vulnerabilities in the Mambo Resident (aka Mos Res or com_mosres) component 1.0f for Mambo and Joomla!, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) property_uid parameter in a viewproperty action… | |||
| CVE-2009-3333 | 0.03 | — | 0.02 | Sep 23, 2009 | PHP remote file inclusion vulnerability in koesubmit.php in the koeSubmit (com_koesubmit) component 1.0 for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||
| CVE-2008-7213 | 0.03 | — | 0.02 | Sep 11, 2009 | Cross-site scripting (XSS) vulnerability in mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to inject arbitrary web script or HTML via the Command parameter. | |||
| CVE-2008-6814 | 0.03 | — | 0.03 | May 28, 2009 | Unrestricted file upload vulnerability in image_upload.php in the SimpleBoard (com_simpleboard) component 1.0.1 and earlier for Mambo allows remote attackers to execute arbitrary code by uploading a file with an executable extension and an image/jpeg content type, then accessing… | |||
| CVE-2008-6653 | 0.03 | — | 0.02 | Apr 7, 2009 | SQL injection vulnerability in webhosting.php in the Webhosting Component (com_webhosting) module before 1.1 RC7 for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. | |||
| CVE-2008-6481 | 0.03 | — | 0.01 | Mar 17, 2009 | SQL injection vulnerability in the Versioning component (com_versioning) 1.0.2 in Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit task to index.php. | |||
| CVE-2009-0730 | 0.03 | — | 0.01 | Feb 24, 2009 | Multiple SQL injection vulnerabilities in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla!, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the gigcal _venues_id parameter in a details action to index.php, which… | |||
| CVE-2009-0726 | 0.03 | — | 0.02 | Feb 24, 2009 | SQL injection vulnerability in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the gigcal_gigs_id parameter in a details action to index.php. |
- risk 0.64cvss 9.8epss 0.02
Multiple PHP remote file inclusion vulnerabilities in the lmtg_myhomepage Component (com_lmtg_myhomepage) for Mambo allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) install.lmtg_homepage.php and (2) mtg_homepage.php. …
- CVE-2007-5362Oct 11, 2007risk 0.06cvss —epss 0.37
Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia Lite (com_mosmedia) 4.5.1 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) credits.html.php, (2)…
- CVE-2008-2905Jun 30, 2008risk 0.04cvss —epss 0.18
PHP remote file inclusion vulnerability in includes/Cache/Lite/Output.php in the Cache_Lite package in Mambo 4.6.4 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
- CVE-2007-2043Apr 16, 2007risk 0.04cvss —epss 0.07
Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia (com_mosmedia) 1.08 and earlier module for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) media.tab.php or…
- CVE-2007-2005Apr 12, 2007risk 0.04cvss —epss 0.07
Multiple PHP remote file inclusion vulnerabilities in the Taskhopper 1.1 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) contact_type.php, (2) itemstatus_type.php, (3)…
- CVE-2007-1699Mar 27, 2007risk 0.04cvss —epss 0.11
Multiple PHP remote file inclusion vulnerabilities in the SWmenu (com_swmenupro and com_swmenufree) 4.0 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to…
- CVE-2007-1596Mar 22, 2007risk 0.04cvss —epss 0.08
Multiple PHP remote file inclusion vulnerabilities in the NFN Address Book (com_nfn_addressbook) 0.4 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1)…
- CVE-2006-3340Jul 3, 2006risk 0.04cvss —epss 0.15
Multiple PHP remote file inclusion vulnerabilities in Pearl For Mambo module 1.6 for Mambo, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via the (1) phpbb_root_path parameter in (a) includes/functions_cms.php and the (2)…
- CVE-2006-7247Sep 6, 2012risk 0.03cvss —epss 0.01
SQL injection vulnerability in the Weblinks (com_weblinks) component for Joomla! and Mambo 1.0.9 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter.
- CVE-2011-2917Dec 8, 2011risk 0.03cvss —epss 0.01
SQL injection vulnerability in administrator/index2.php in Mambo CMS 4.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the zorder parameter.
- CVE-2009-4578Jan 6, 2010risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the Facileforms (com_facileforms) component for Joomla! and Mambo allows remote attackers to inject arbitrary web script or HTML via the Itemid parameter to index.php.
- CVE-2009-4474Dec 30, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in the Mike de Boer zoom (com_zoom) component 2.0 for Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
- CVE-2009-4199Dec 4, 2009risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in the Mambo Resident (aka Mos Res or com_mosres) component 1.0f for Mambo and Joomla!, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) property_uid parameter in a viewproperty action…
- CVE-2009-3333Sep 23, 2009risk 0.03cvss —epss 0.02
PHP remote file inclusion vulnerability in koesubmit.php in the koeSubmit (com_koesubmit) component 1.0 for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
- CVE-2008-7213Sep 11, 2009risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to inject arbitrary web script or HTML via the Command parameter.
- CVE-2008-6814May 28, 2009risk 0.03cvss —epss 0.03
Unrestricted file upload vulnerability in image_upload.php in the SimpleBoard (com_simpleboard) component 1.0.1 and earlier for Mambo allows remote attackers to execute arbitrary code by uploading a file with an executable extension and an image/jpeg content type, then accessing…
- CVE-2008-6653Apr 7, 2009risk 0.03cvss —epss 0.02
SQL injection vulnerability in webhosting.php in the Webhosting Component (com_webhosting) module before 1.1 RC7 for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
- CVE-2008-6481Mar 17, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in the Versioning component (com_versioning) 1.0.2 in Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit task to index.php.
- CVE-2009-0730Feb 24, 2009risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla!, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the gigcal _venues_id parameter in a details action to index.php, which…
- CVE-2009-0726Feb 24, 2009risk 0.03cvss —epss 0.02
SQL injection vulnerability in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the gigcal_gigs_id parameter in a details action to index.php.