Mambo (software)

All CVEs

177 total · sorted by risk
  • CVE-2006-4264 · Critical · Aug 21, 2006
    risk 0.64 · cvss 9.8 · epss 0.02

    Multiple PHP remote file inclusion vulnerabilities in the lmtg_myhomepage Component (com_lmtg_myhomepage) for Mambo allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) install.lmtg_homepage.php and (2) mtg_homepage.php. …

  • CVE-2007-5362 · Oct 11, 2007
    risk 0.06 · cvss · epss 0.37

    Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia Lite (com_mosmedia) 4.5.1 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) credits.html.php, (2)…

  • CVE-2008-2905 · Jun 30, 2008
    risk 0.04 · cvss · epss 0.18

    PHP remote file inclusion vulnerability in includes/Cache/Lite/Output.php in the Cache_Lite package in Mambo 4.6.4 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

  • CVE-2007-2043 · Apr 16, 2007
    risk 0.04 · cvss · epss 0.07

    Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia (com_mosmedia) 1.08 and earlier module for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) media.tab.php or…

  • CVE-2007-2005 · Apr 12, 2007
    risk 0.04 · cvss · epss 0.07

    Multiple PHP remote file inclusion vulnerabilities in the Taskhopper 1.1 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) contact_type.php, (2) itemstatus_type.php, (3)…

  • CVE-2007-1699 · Mar 27, 2007
    risk 0.04 · cvss · epss 0.11

    Multiple PHP remote file inclusion vulnerabilities in the SWmenu (com_swmenupro and com_swmenufree) 4.0 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to…

  • CVE-2007-1596 · Mar 22, 2007
    risk 0.04 · cvss · epss 0.08

    Multiple PHP remote file inclusion vulnerabilities in the NFN Address Book (com_nfn_addressbook) 0.4 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1)…

  • CVE-2006-3340 · Jul 3, 2006
    risk 0.04 · cvss · epss 0.15

    Multiple PHP remote file inclusion vulnerabilities in Pearl For Mambo module 1.6 for Mambo, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via the (1) phpbb_root_path parameter in (a) includes/functions_cms.php and the (2)…

  • CVE-2006-7247 · Sep 6, 2012
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in the Weblinks (com_weblinks) component for Joomla! and Mambo 1.0.9 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter.

  • CVE-2011-2917 · Dec 8, 2011
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in administrator/index2.php in Mambo CMS 4.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the zorder parameter.

  • CVE-2009-4578 · Jan 6, 2010
    risk 0.03 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in the Facileforms (com_facileforms) component for Joomla! and Mambo allows remote attackers to inject arbitrary web script or HTML via the Itemid parameter to index.php.

  • CVE-2009-4474 · Dec 30, 2009
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in the Mike de Boer zoom (com_zoom) component 2.0 for Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.

  • CVE-2009-4199 · Dec 4, 2009
    risk 0.03 · cvss · epss 0.01

    Multiple SQL injection vulnerabilities in the Mambo Resident (aka Mos Res or com_mosres) component 1.0f for Mambo and Joomla!, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) property_uid parameter in a viewproperty action…

  • CVE-2009-3333 · Sep 23, 2009
    risk 0.03 · cvss · epss 0.02

    PHP remote file inclusion vulnerability in koesubmit.php in the koeSubmit (com_koesubmit) component 1.0 for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

  • CVE-2008-7213 · Sep 11, 2009
    risk 0.03 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to inject arbitrary web script or HTML via the Command parameter.

  • CVE-2008-6814 · May 28, 2009
    risk 0.03 · cvss · epss 0.03

    Unrestricted file upload vulnerability in image_upload.php in the SimpleBoard (com_simpleboard) component 1.0.1 and earlier for Mambo allows remote attackers to execute arbitrary code by uploading a file with an executable extension and an image/jpeg content type, then accessing…

  • CVE-2008-6653 · Apr 7, 2009
    risk 0.03 · cvss · epss 0.02

    SQL injection vulnerability in webhosting.php in the Webhosting Component (com_webhosting) module before 1.1 RC7 for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.

  • CVE-2008-6481 · Mar 17, 2009
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in the Versioning component (com_versioning) 1.0.2 in Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit task to index.php.

  • CVE-2009-0730 · Feb 24, 2009
    risk 0.03 · cvss · epss 0.01

    Multiple SQL injection vulnerabilities in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla!, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the gigcal_venues_id parameter in a details action to index.php, which…

  • CVE-2009-0726 · Feb 24, 2009
    risk 0.03 · cvss · epss 0.02

    SQL injection vulnerability in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the gigcal_gigs_id parameter in a details action to index.php.

  • CVE-2008-6234 · Feb 21, 2009
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in the com_musica module in Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.

  • CVE-2009-0380 · Feb 2, 2009
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in the Sigsiu Online Business Index 2 (SOBI2, com_sobi2) RC 2.8.2 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the bid parameter in a showbiz action to index.php, a different vector than CVE-2008-0607. …

  • CVE-2008-5226 · Nov 25, 2008
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in the MambAds (com_mambads) component 1.0 RC1 Beta and 1.0 RC1 for Mambo allows remote attackers to execute arbitrary SQL commands via the ma_cat parameter in a view action to index.php, a different vector than CVE-2007-5177.

  • CVE-2008-3712 · Aug 19, 2008
    risk 0.03 · cvss · epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.2 and 4.6.5, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) query string to mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connecto…

  • CVE-2008-2990 · Jul 2, 2008
    risk 0.03 · cvss · epss 0.02

    PHP remote file inclusion vulnerability in facileforms.frame.php in the FacileForms (com_facileforms) component 1.4.4 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the ff_compath parameter.

  • CVE-2008-2095 · May 6, 2008
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in index.php in the FlippingBook (com_flippingbook) 1.0.4 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the book_id parameter.

  • CVE-2008-2093 · May 6, 2008
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in the Profiler (com_comprofiler) component in Community Builder for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the user parameter in a userProfile action to index.php.

  • CVE-2008-1848 · Apr 16, 2008
    risk 0.03 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in the joomlaXplorer (com_joomlaxplorer) Mambo/Joomla! component 1.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter in a show_error action to index.php.

  • CVE-2008-1540 · Mar 28, 2008
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in the Datsogallery (com_datsogallery) 1.3.1 module for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. NOTE: the provenance of this information is unknown; the details…

  • CVE-2008-1465 · Mar 24, 2008
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in the Detodas Restaurante (com_restaurante) 1.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php, a different product than CVE-2008-0562.

  • CVE-2008-1459 · Mar 24, 2008
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in the Alberghi (com_alberghi) 2.1.3 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.

  • CVE-2008-1297 · Mar 12, 2008
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in index.php in the eWriting (com_ewriting) 1.2.1 module for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a selectcat action.

  • CVE-2008-1137 · Mar 4, 2008
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in the Garys Cookbook (com_garyscookbook) 1.1.1 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.

  • CVE-2008-1077 · Feb 29, 2008
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in index.php in the Simpleboard (com_simpleboard) 1.0.3 Stable component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a view action.

  • CVE-2008-0853 · Feb 21, 2008
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in the com_detail component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. NOTE: this issue might be site-specific. If so, it should not be included in CVE.

  • CVE-2008-0854 · Feb 21, 2008
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in the com_salesrep component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the rid parameter in a showrep action to index.php.

  • CVE-2008-0855 · Feb 21, 2008
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in the Facile Forms (com_facileforms) component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.

  • CVE-2008-0846 · Feb 20, 2008
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in index.php in the com_profile component for Joomla! allows remote attackers to execute arbitrary SQL commands via the oid parameter.

  • CVE-2008-0841 · Feb 20, 2008
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in index.php in the Giorgio Nordo Ricette (com_ricette) 1.0 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2008-0832 · Feb 20, 2008
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in index.php in the Kemas Antonius com_quran 1.1 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the surano parameter in a viewayat action.

  • CVE-2008-0829 · Feb 19, 2008
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in jooget.php in the Joomlapixel Jooget! (com_jooget) 2.6.8 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail task.

  • CVE-2008-0817 · Feb 19, 2008
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in the com_filebase component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the filecatid parameter in a selectfolder action.

  • CVE-2008-0810 · Feb 19, 2008
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in the com_scheduling module for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2008-0799 · Feb 15, 2008
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in index.php in the Quiz (com_quiz) 0.81 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the tid parameter in a user_tst_shw action.

  • CVE-2008-0801 · Feb 15, 2008
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in index.php in the PAXXGallery (com_paxxgallery) 0.2 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via (1) the iid parameter in a view action, and possibly (2) the userid parameter.

  • CVE-2008-0795 · Feb 15, 2008
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in index.php in the MGFi XfaQ (com_xfaq) 1.2 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an answer action.

  • CVE-2008-0772 · Feb 14, 2008
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in index.php in the com_doc component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the sid parameter in a view task.

  • CVE-2008-0773 · Feb 14, 2008
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in Phil Taylor Comments (com_comments, aka Review Script) 0.5.8.5g and earlier component for Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2008-0746 · Feb 13, 2008
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in index.php in the Gallery (com_gallery) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.

  • CVE-2008-0752 · Feb 13, 2008
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in index.php in the Neogallery (com_neogallery) 1.1 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a show action.

Page 1 of 4