VYPR

Vendor CVEs

Mambo (software)

All CVEs

177 total · sorted by risk
  • CVE-2008-0721Feb 12, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in the Sermon (com_sermon) 0.2 component for Mambo allows remote attackers to execute arbitrary SQL commands via the gid parameter.

  • CVE-2008-0686Feb 12, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in the NeoReferences (com_neoreferences) 1.3.1 and 1.3.3 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter.

  • CVE-2008-0652Feb 7, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in the Downloads (com_downloads) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the filecatid parameter in a selectfolder action.

  • CVE-2008-0606Feb 6, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in the Shambo2 (com_shambo2) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter.

  • CVE-2008-0603Feb 6, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in the amazOOP Awesom! (com_awesom) 0.3.2component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter in a viewlist task.

  • CVE-2008-0561Feb 4, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in the Arthur Konze AkoGallery (com_akogallery) 2.5 beta component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.

  • CVE-2008-0562Feb 4, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in the Restaurant (com_restaurant) 1.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.

  • CVE-2008-0557Feb 4, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in the CatalogShop (com_catalogshop) 1.0b1 componenent for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.

  • CVE-2008-0517Jan 31, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in the Darko Selesi EstateAgent (com_estateagent) 0.1 component for Mambo 4.5.x and Joomla! allows remote attackers to execute arbitrary SQL commands via the objid parameter in a contact showObject action.

  • CVE-2008-0510Jan 31, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in the Newsletter (com_newsletter) component for Mambo 4.5 and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter.

  • CVE-2008-0514Jan 31, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in the Glossary (com_glossary) 2.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a display action.

  • CVE-2008-0512Jan 31, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in the fq (com_fq) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter.

  • CVE-2008-0515Jan 31, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in the musepoes (com_musepoes) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an answer action.

  • CVE-2008-0511Jan 31, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in the MaMML (com_mamml) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter.

  • CVE-2008-0518Jan 31, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in the Recipes (com_recipes) 1.00 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.

  • CVE-2008-0519Jan 31, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in the Atapin Jokes (com_jokes) 1.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a CatView action.

  • CVE-2007-6455Dec 20, 2007
    risk 0.03cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in index.php in Mambo 4.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Itemid parameter in a com_frontpage option and the (2) option parameter.

  • CVE-2007-6362Dec 15, 2007
    risk 0.03cvss epss 0.02

    SQL injection vulnerability in index.php in the RSGallery (com_rsgallery) 2.0 beta 5 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an inline page action.

  • CVE-2007-5177Oct 3, 2007
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in the MambAds (com_mambads) 1.5 and earlier component for Mambo allows remote attackers to execute arbitrary SQL commands via the caid parameter.

  • CVE-2007-4505Aug 23, 2007
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in the RemoSitory component (com_remository) for Mambo allows remote attackers to execute arbitrary SQL commands via the cat parameter in a selectcat action.

  • CVE-2007-4456Aug 21, 2007
    risk 0.03cvss epss 0.02

    SQL injection vulnerability in index.php in the SimpleFAQ (com_simplefaq) 2.11 component for Mambo allows remote attackers to execute arbitrary SQL commands via the aid parameter. NOTE: it was later reported that 2.40 is also affected, and that the component can be used in…

  • CVE-2007-2792May 22, 2007
    risk 0.03cvss epss 0.04

    SQL injection vulnerability in the Yet another Newsletter Component (aka YaNC or com_yanc) component before 1.5 beta 3 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter to index.php. NOTE: some of these details are obtained…

  • CVE-2007-2044Apr 16, 2007
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in mod_weather.php in the Antonis Ventouris Weather module for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter.

  • CVE-2007-2049Apr 16, 2007
    risk 0.03cvss epss 0.02

    Multiple PHP remote file inclusion vulnerabilities in the Calendar Module (com_calendar) 1.5.5 for Mambo allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) com_calendar.php or (2) mod_calendar.php.

  • CVE-2007-1992Apr 12, 2007
    risk 0.03cvss epss 0.06

    Multiple PHP remote file inclusion vulnerabilities in the com_zoom 2.5 beta 2 and earlier module for Mambo allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) EXIF_Makernote.php or (2) EXIF.php in classes/iptc/.

  • CVE-2007-1702Mar 27, 2007
    risk 0.03cvss epss 0.05

    PHP remote file inclusion vulnerability in mod_flatmenu.php in the Flatmenu 1.07 and earlier Mambo module allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

  • CVE-2006-7104Mar 3, 2007
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in htmltemplate.php in the Chad Auld MOStlyContent Editor (MOStlyCE) as created on May 2006, a component for Mambo 4.5.4, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

  • CVE-2006-6634Dec 18, 2006
    risk 0.03cvss epss 0.03

    Multiple PHP remote file inclusion vulnerabilities in the ExtCalThai (com_extcalendar) 0.9.1 and earlier component for Mambo allow remote attackers to execute arbitrary PHP code via a URL in (1) the CONFIG_EXT[LANGUAGES_DIR] parameter to admin_events.php, (2) the…

  • CVE-2006-6051Nov 22, 2006
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in reporter.logic.php in the MosReporter (com_reporter) component for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

  • CVE-2006-5519Oct 26, 2006
    risk 0.03cvss epss 0.05

    PHP remote file inclusion vulnerability in Savant2/Savant2_Plugin_options.php in the MambWeather 1.8.1 and earlier component for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

  • CVE-2006-5044Sep 27, 2006
    risk 0.03cvss epss 0.02

    Unspecified vulnerability in Prince Clan (Princeclan) Chess component (com_pcchess) 0.8 and earlier for Mambo and Joomla! has unspecified impact and attack vectors.

  • CVE-2006-4553Sep 6, 2006
    risk 0.03cvss epss 0.05

    PHP remote file inclusion vulnerability in plugin.class.php in the com_comprofiler Components 1.0 RC2 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

  • CVE-2006-4363Aug 27, 2006
    risk 0.03cvss epss 0.03

    PHP remote file inclusion vulnerability in admin.cropcanvas.php in the CropImage component (com_cropimage) 1.0 for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the cropimagedir parameter.

  • CVE-2006-4372Aug 26, 2006
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in admin.lurm_constructor.php in the Lurm Constructor component (com_lurm_constructor) 0.6b and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the lm_absolute_path parameter.

  • CVE-2006-4348Aug 24, 2006
    risk 0.03cvss epss 0.03

    PHP remote file inclusion vulnerability in config.kochsuite.php in the Kochsuite (com_kochsuite) 0.9.4 component for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

  • CVE-2006-4322Aug 24, 2006
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in estateagent.php in the EstateAgent component (com_estateagent) for Mambo, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

  • CVE-2006-4321Aug 24, 2006
    risk 0.03cvss epss 0.03

    PHP remote file inclusion vulnerability in cpg.php in the Coppermine Photo Gallery component (com_cpg) 1.0 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

  • CVE-2006-4296Aug 23, 2006
    risk 0.03cvss epss 0.03

    PHP remote file inclusion vulnerability in classes/Tar.php in bigAPE-Backup component (com_babackup) for Mambo 1.1 allows remote attackers to include arbitrary files via the mosConfig_absolute_path parameter.

  • CVE-2006-4282Aug 22, 2006
    risk 0.03cvss epss 0.03

    PHP remote file inclusion vulnerability in MamboLogin.php in the MamboWiki component (com_mambowiki) 0.9.6 and earlier for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter.

  • CVE-2006-4288Aug 22, 2006
    risk 0.03cvss epss 0.06

    PHP remote file inclusion vulnerability in admin.a6mambocredits.php in the a6mambocredits component (com_a6mambocredits) 2.0.0 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter. NOTE: some of these details…

  • CVE-2006-4270Aug 21, 2006
    risk 0.03cvss epss 0.03

    PHP remote file inclusion vulnerability in mambelfish.class.php in the mambelfish component (com_mambelfish) 1.1 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

  • CVE-2006-4241Aug 21, 2006
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in processor/reporter.sql.php in the Reporter Mambo component (com_reporter) allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

  • CVE-2006-4195Aug 17, 2006
    risk 0.03cvss epss 0.06

    PHP remote file inclusion vulnerability in param.peoplebook.php in the Peoplebook Component for Mambo (com_peoplebook) 1.0 and earlier, and possibly 1.1.2, when register_globals and allow_url_fopen are enabled, allows remote attackers to execute arbitrary PHP code via a URL in…

  • CVE-2006-4203Aug 17, 2006
    risk 0.03cvss epss 0.03

    PHP remote file inclusion vulnerability in help.mmp.php in the MMP Component (com_mmp) 1.2 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

  • CVE-2006-3980Aug 5, 2006
    risk 0.03cvss epss 0.06

    PHP remote file inclusion vulnerability in administrator/components/com_mgm/help.mgm.php in Mambo Gallery Manager (MGM) 0.95r2 and earlier for Mambo 4.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

  • CVE-2006-3962Aug 1, 2006
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in administrator/components/com_bayesiannaivefilter/lang.php in the bayesiannaivefilter component (com_bayesiannaivefilter) 1.1 for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path…

  • CVE-2006-3947Aug 1, 2006
    risk 0.03cvss epss 0.03

    PHP remote file inclusion vulnerability in components/com_mambatstaff/mambatstaff.php in the Mambatstaff 3.1b and earlier component for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

  • CVE-2006-3949Aug 1, 2006
    risk 0.03cvss epss 0.04

    PHP remote file inclusion vulnerability in artlinks.dispnew.php in the Artlinks component (com_artlinks) for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

  • CVE-2006-3930Jul 31, 2006
    risk 0.03cvss epss 0.04

    PHP remote file inclusion vulnerability in admin.a6mambohelpdesk.php in a6mambohelpdesk Mambo Component 18RC1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.

  • CVE-2006-3846Jul 25, 2006
    risk 0.03cvss epss 0.03

    PHP remote file inclusion vulnerability in extadminmenus.class.php in the MultiBanners 1.0.1 for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.