Vendor CVEs
Mambo (software)
All CVEs
177 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2006-7093 | 0.00 | — | 0.01 | Mar 2, 2007 | Cross-site scripting (XSS) vulnerability in Mambo LaiThai 4.5.4 Security Patch 2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2006-7092 | 0.00 | — | 0.01 | Mar 2, 2007 | SQL injection vulnerability in includes/mambo.php in Mambo LaiThai 4.5.4 SP2 and earlier allows remote attackers to execute arbitrary SQL commands via the usercookie[password] cookie parameter. | |||
| CVE-2007-0789 | 0.00 | — | 0.01 | Feb 6, 2007 | SQL injection vulnerability in Mambo before 4.5.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors in cancel edit functions, possibly related to the id parameter. | |||
| CVE-2007-0374 | 0.00 | — | 0.01 | Jan 19, 2007 | SQL injection vulnerability in (1) Joomla! 1.0.11 and 1.5 Beta, and (2) Mambo 4.6.1, allows remote attackers to execute arbitrary SQL commands via the id parameter when cancelling content editing. | |||
| CVE-2006-6049 | 0.00 | — | 0.02 | Nov 22, 2006 | PHP remote file inclusion vulnerability in shambo2.php in the Shambo2 (com_shambo2) component for Mambo 4.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||
| CVE-2006-4556 | 0.00 | — | 0.01 | Sep 6, 2006 | PHP remote file inclusion vulnerability in index.php in the JIM component for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: another researcher has stated that the product distribution does not… | |||
| CVE-2006-4375 | 0.00 | — | 0.01 | Aug 26, 2006 | PHP remote file inclusion vulnerability in contxtd.class.php in the Contacts XTD (ContXTD) component for Mambo (com_contxtd) allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: another researcher has disputed this… | |||
| CVE-2006-4286 | 0.00 | — | 0.01 | Aug 22, 2006 | PHP remote file inclusion vulnerability in contentpublisher.php in the contentpublisher component (com_contentpublisher) for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this issue has been disputed by… | |||
| CVE-2006-4280 | 0.00 | — | 0.01 | Aug 21, 2006 | PHP remote file inclusion vulnerability in anjel.index.php in ANJEL (formerly MaMML) Component (com_anjel) for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this issue has been disputed by a third party,… | |||
| CVE-2006-4281 | 0.00 | — | 0.02 | Aug 21, 2006 | PHP remote file inclusion vulnerability in akocomments.php in AkoComment 1.1 module (com_akocomment) for Mambo 4.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||
| CVE-2006-4275 | 0.00 | — | 0.01 | Aug 21, 2006 | PHP remote file inclusion vulnerability in catalogshop.php in the CatalogShop component for Mambo (com_catalogshop) allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||
| CVE-2006-4263 | 0.00 | — | 0.04 | Aug 21, 2006 | Multiple PHP remote file inclusion vulnerabilities in the Product Scroller Module and other modules in mambo-phpshop (com_phpshop) for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1)… | |||
| CVE-2006-4269 | 0.00 | — | 0.03 | Aug 21, 2006 | PHP remote file inclusion vulnerability in admin.x-shop.php in the x-shop component (com_x-shop) 1.7 and earlier for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this issue has been disputed by… | |||
| CVE-2006-4229 | 0.00 | — | 0.02 | Aug 18, 2006 | PHP remote file inclusion vulnerability in archive.php in the mosListMessenger Component (com_lm) before 20060719 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||
| CVE-2006-3981 | 0.00 | — | 0.01 | Aug 5, 2006 | PHP remote file inclusion vulnerability in about.mgm.php in Mambo Gallery Manager (MGM) 0.95r2 and earlier for Mambo 4.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: the provenance of this information is… | |||
| CVE-2006-3302 | 0.00 | — | 0.01 | Jun 29, 2006 | PHP remote file inclusion vulnerability in mod_cbsms.php in CBSMS Mambo Module 1.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosC_a_path parameter. NOTE: the provenance of this information is unknown;… | |||
| CVE-2006-3263 | 0.00 | — | 0.01 | Jun 27, 2006 | SQL injection vulnerability in the Weblinks module (weblinks.php) in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||
| CVE-2006-1956 | 0.00 | — | 0.01 | Apr 21, 2006 | The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows remote attackers to obtain sensitive information via an invalid feed parameter, which reveals the path in an error message. | |||
| CVE-2006-1957 | 0.00 | — | 0.02 | Apr 21, 2006 | The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows remote attackers to cause a denial of service (disk consumption and possibly web-server outage) via multiple requests with different values of the feed parameter. | |||
| CVE-2006-1421 | 0.00 | — | 0.01 | Mar 28, 2006 | Multiple SQL injection vulnerabilities in akocomment.php in AkoComment 2.0 module for Mambo, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the (1) acname or (2) contentid parameter. | |||
| CVE-2005-4156 | 0.00 | — | 0.02 | Dec 11, 2005 | Unspecified vulnerability in Mambo 4.5 (1.0.0) through 4.5 (1.0.9), with magic_quotes_gpc disabled, allows remote attackers to read arbitrary files and possibly cause a denial of service via a query string that ends with a NULL character. | |||
| CVE-2005-3586 | 0.00 | — | 0.01 | Nov 16, 2005 | content.php in Mambo 4.5.2 through 4.5.2.3 allows remote attackers to obtain the installation path of the application via a URL that causes the application to return an error. | |||
| CVE-2005-0512 | 0.00 | — | 0.01 | Feb 21, 2005 | PHP remote file inclusion vulnerability in Tar.php in Mambo 4.5.2 allows remote attackers to execute arbitrary PHP code by modifying the mosConfig_absolute_path parameter to reference a URL on a remote web server that contains the code, a different vulnerability than… | |||
| CVE-2003-1204 | 0.00 | — | 0.04 | Dec 31, 2003 | Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site Server 4.0.12 BETA and earlier allow remote attackers to execute script on other clients via (1) the link parameter in sectionswindow.php, the directory parameter in (2) gallery.php, (3) navigation.php, or (4)… | |||
| CVE-2002-1662 | 0.00 | — | 0.01 | Dec 31, 2002 | Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site Server 4.0.11 allow remote attackers to execute arbitrary script on other clients via (1) search.php and (2) the "Your name" field during account registration. | |||
| CVE-2002-2290 | 0.00 | — | 0.02 | Dec 31, 2002 | Mambo Site Server 4.0.11 installs with a default username and password of admin, which allows remote attackers to gain privileges. | |||
| CVE-2001-1011 | 0.00 | — | 0.04 | Jul 25, 2001 | index2.php in Mambo Site Server 3.0.0 through 3.0.5 allows remote attackers to gain Mambo administrator privileges by setting the PHPSESSID parameter and providing the appropriate administrator information in other parameters. |
- CVE-2006-7093Mar 2, 2007risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Mambo LaiThai 4.5.4 Security Patch 2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2006-7092Mar 2, 2007risk 0.00cvss —epss 0.01
SQL injection vulnerability in includes/mambo.php in Mambo LaiThai 4.5.4 SP2 and earlier allows remote attackers to execute arbitrary SQL commands via the usercookie[password] cookie parameter.
- CVE-2007-0789Feb 6, 2007risk 0.00cvss —epss 0.01
SQL injection vulnerability in Mambo before 4.5.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors in cancel edit functions, possibly related to the id parameter.
- CVE-2007-0374Jan 19, 2007risk 0.00cvss —epss 0.01
SQL injection vulnerability in (1) Joomla! 1.0.11 and 1.5 Beta, and (2) Mambo 4.6.1, allows remote attackers to execute arbitrary SQL commands via the id parameter when cancelling content editing.
- CVE-2006-6049Nov 22, 2006risk 0.00cvss —epss 0.02
PHP remote file inclusion vulnerability in shambo2.php in the Shambo2 (com_shambo2) component for Mambo 4.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
- CVE-2006-4556Sep 6, 2006risk 0.00cvss —epss 0.01
PHP remote file inclusion vulnerability in index.php in the JIM component for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: another researcher has stated that the product distribution does not…
- CVE-2006-4375Aug 26, 2006risk 0.00cvss —epss 0.01
PHP remote file inclusion vulnerability in contxtd.class.php in the Contacts XTD (ContXTD) component for Mambo (com_contxtd) allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: another researcher has disputed this…
- CVE-2006-4286Aug 22, 2006risk 0.00cvss —epss 0.01
PHP remote file inclusion vulnerability in contentpublisher.php in the contentpublisher component (com_contentpublisher) for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this issue has been disputed by…
- CVE-2006-4280Aug 21, 2006risk 0.00cvss —epss 0.01
PHP remote file inclusion vulnerability in anjel.index.php in ANJEL (formerly MaMML) Component (com_anjel) for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this issue has been disputed by a third party,…
- CVE-2006-4281Aug 21, 2006risk 0.00cvss —epss 0.02
PHP remote file inclusion vulnerability in akocomments.php in AkoComment 1.1 module (com_akocomment) for Mambo 4.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
- CVE-2006-4275Aug 21, 2006risk 0.00cvss —epss 0.01
PHP remote file inclusion vulnerability in catalogshop.php in the CatalogShop component for Mambo (com_catalogshop) allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
- CVE-2006-4263Aug 21, 2006risk 0.00cvss —epss 0.04
Multiple PHP remote file inclusion vulnerabilities in the Product Scroller Module and other modules in mambo-phpshop (com_phpshop) for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1)…
- CVE-2006-4269Aug 21, 2006risk 0.00cvss —epss 0.03
PHP remote file inclusion vulnerability in admin.x-shop.php in the x-shop component (com_x-shop) 1.7 and earlier for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this issue has been disputed by…
- CVE-2006-4229Aug 18, 2006risk 0.00cvss —epss 0.02
PHP remote file inclusion vulnerability in archive.php in the mosListMessenger Component (com_lm) before 20060719 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
- CVE-2006-3981Aug 5, 2006risk 0.00cvss —epss 0.01
PHP remote file inclusion vulnerability in about.mgm.php in Mambo Gallery Manager (MGM) 0.95r2 and earlier for Mambo 4.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: the provenance of this information is…
- CVE-2006-3302Jun 29, 2006risk 0.00cvss —epss 0.01
PHP remote file inclusion vulnerability in mod_cbsms.php in CBSMS Mambo Module 1.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosC_a_path parameter. NOTE: the provenance of this information is unknown;…
- CVE-2006-3263Jun 27, 2006risk 0.00cvss —epss 0.01
SQL injection vulnerability in the Weblinks module (weblinks.php) in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter.
- CVE-2006-1956Apr 21, 2006risk 0.00cvss —epss 0.01
The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows remote attackers to obtain sensitive information via an invalid feed parameter, which reveals the path in an error message.
- CVE-2006-1957Apr 21, 2006risk 0.00cvss —epss 0.02
The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows remote attackers to cause a denial of service (disk consumption and possibly web-server outage) via multiple requests with different values of the feed parameter.
- CVE-2006-1421Mar 28, 2006risk 0.00cvss —epss 0.01
Multiple SQL injection vulnerabilities in akocomment.php in AkoComment 2.0 module for Mambo, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the (1) acname or (2) contentid parameter.
- CVE-2005-4156Dec 11, 2005risk 0.00cvss —epss 0.02
Unspecified vulnerability in Mambo 4.5 (1.0.0) through 4.5 (1.0.9), with magic_quotes_gpc disabled, allows remote attackers to read arbitrary files and possibly cause a denial of service via a query string that ends with a NULL character.
- CVE-2005-3586Nov 16, 2005risk 0.00cvss —epss 0.01
content.php in Mambo 4.5.2 through 4.5.2.3 allows remote attackers to obtain the installation path of the application via a URL that causes the application to return an error.
- CVE-2005-0512Feb 21, 2005risk 0.00cvss —epss 0.01
PHP remote file inclusion vulnerability in Tar.php in Mambo 4.5.2 allows remote attackers to execute arbitrary PHP code by modifying the mosConfig_absolute_path parameter to reference a URL on a remote web server that contains the code, a different vulnerability than…
- CVE-2003-1204Dec 31, 2003risk 0.00cvss —epss 0.04
Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site Server 4.0.12 BETA and earlier allow remote attackers to execute script on other clients via (1) the link parameter in sectionswindow.php, the directory parameter in (2) gallery.php, (3) navigation.php, or (4)…
- CVE-2002-1662Dec 31, 2002risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site Server 4.0.11 allow remote attackers to execute arbitrary script on other clients via (1) search.php and (2) the "Your name" field during account registration.
- CVE-2002-2290Dec 31, 2002risk 0.00cvss —epss 0.02
Mambo Site Server 4.0.11 installs with a default username and password of admin, which allows remote attackers to gain privileges.
- CVE-2001-1011Jul 25, 2001risk 0.00cvss —epss 0.04
index2.php in Mambo Site Server 3.0.0 through 3.0.5 allows remote attackers to gain Mambo administrator privileges by setting the PHPSESSID parameter and providing the appropriate administrator information in other parameters.
Page 4 of 4