VYPR
Vendor

Mambo (software)

Mambo was a free software/open source content management system (CMS) for creating and managing websites through a simple web interface. Its last release was in 2008, by which time all of the developers had left for forks of the project, mainly Joomla and MiaCMS.

Founded 2000
Products
145
CVEs
177
Across products
116
Status
Private

Products

145
View all 145 products →

Recent CVEs

177
View all 177 CVEs →
  • CVE-2006-4264CriAug 21, 2006
    risk 0.64cvss 9.8epss 0.02

    Multiple PHP remote file inclusion vulnerabilities in the lmtg_myhomepage Component (com_lmtg_myhomepage) for Mambo allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) install.lmtg_homepage.php and (2) mtg_homepage.php. …

  • CVE-2007-5362Oct 11, 2007
    risk 0.06cvss epss 0.37

    Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia Lite (com_mosmedia) 4.5.1 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) credits.html.php, (2)…

  • CVE-2008-2905Jun 30, 2008
    risk 0.04cvss epss 0.18

    PHP remote file inclusion vulnerability in includes/Cache/Lite/Output.php in the Cache_Lite package in Mambo 4.6.4 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

  • CVE-2007-2043Apr 16, 2007
    risk 0.04cvss epss 0.07

    Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia (com_mosmedia) 1.08 and earlier module for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) media.tab.php or…

  • CVE-2007-2005Apr 12, 2007
    risk 0.04cvss epss 0.07

    Multiple PHP remote file inclusion vulnerabilities in the Taskhopper 1.1 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) contact_type.php, (2) itemstatus_type.php, (3)…

  • CVE-2007-1699Mar 27, 2007
    risk 0.04cvss epss 0.11

    Multiple PHP remote file inclusion vulnerabilities in the SWmenu (com_swmenupro and com_swmenufree) 4.0 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to…

  • CVE-2007-1596Mar 22, 2007
    risk 0.04cvss epss 0.08

    Multiple PHP remote file inclusion vulnerabilities in the NFN Address Book (com_nfn_addressbook) 0.4 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1)…

  • CVE-2006-3340Jul 3, 2006
    risk 0.04cvss epss 0.15

    Multiple PHP remote file inclusion vulnerabilities in Pearl For Mambo module 1.6 for Mambo, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via the (1) phpbb_root_path parameter in (a) includes/functions_cms.php and the (2)…

  • CVE-2006-7247Sep 6, 2012
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in the Weblinks (com_weblinks) component for Joomla! and Mambo 1.0.9 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter.

  • CVE-2011-2917Dec 8, 2011
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in administrator/index2.php in Mambo CMS 4.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the zorder parameter.

  • CVE-2009-4578Jan 6, 2010
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Facileforms (com_facileforms) component for Joomla! and Mambo allows remote attackers to inject arbitrary web script or HTML via the Itemid parameter to index.php.

  • CVE-2009-4474Dec 30, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in the Mike de Boer zoom (com_zoom) component 2.0 for Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.

  • CVE-2009-4199Dec 4, 2009
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in the Mambo Resident (aka Mos Res or com_mosres) component 1.0f for Mambo and Joomla!, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) property_uid parameter in a viewproperty action…

  • CVE-2009-3333Sep 23, 2009
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in koesubmit.php in the koeSubmit (com_koesubmit) component 1.0 for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

  • CVE-2008-7213Sep 11, 2009
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to inject arbitrary web script or HTML via the Command parameter.

  • CVE-2008-6814May 28, 2009
    risk 0.03cvss epss 0.03

    Unrestricted file upload vulnerability in image_upload.php in the SimpleBoard (com_simpleboard) component 1.0.1 and earlier for Mambo allows remote attackers to execute arbitrary code by uploading a file with an executable extension and an image/jpeg content type, then accessing…

  • CVE-2008-6653Apr 7, 2009
    risk 0.03cvss epss 0.02

    SQL injection vulnerability in webhosting.php in the Webhosting Component (com_webhosting) module before 1.1 RC7 for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.

  • CVE-2008-6481Mar 17, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in the Versioning component (com_versioning) 1.0.2 in Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit task to index.php.

  • CVE-2009-0730Feb 24, 2009
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla!, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the gigcal _venues_id parameter in a details action to index.php, which…

  • CVE-2009-0726Feb 24, 2009
    risk 0.03cvss epss 0.02

    SQL injection vulnerability in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the gigcal_gigs_id parameter in a details action to index.php.