Mambo

Mambo

26 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2008-5226

  • EPSS 0.17%
  • Published 25.11.2008 19:30:08
  • Last modified 09.04.2025 00:30:58

SQL injection vulnerability in the MambAds (com_mambads) component 1.0 RC1 Beta and 1.0 RC1 for Mambo allows remote attackers to execute arbitrary SQL commands via the ma_cat parameter in a view action to index.php, a different vector than CVE-2007-5...

2.6

CVE-2008-3712

Exploit
  • EPSS 4.01%
  • Published 19.08.2008 19:41:00
  • Last modified 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.2 and 4.6.5, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) query string to mambots/editors/mostlyce/jscripts/tiny_mce/filem...

6.8

CVE-2008-2905

Exploit
  • EPSS 70.56%
  • Published 30.06.2008 18:24:00
  • Last modified 09.04.2025 00:30:58

PHP remote file inclusion vulnerability in includes/Cache/Lite/Output.php in the Cache_Lite package in Mambo 4.6.4 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolut...

7.5

CVE-2008-0829

Exploit
  • EPSS 0.01%
  • Published 19.02.2008 21:44:00
  • Last modified 09.04.2025 00:30:58

SQL injection vulnerability in jooget.php in the Joomlapixel Jooget! (com_jooget) 2.6.8 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail task.

7.5

CVE-2008-0795

Exploit
  • EPSS 0.01%
  • Published 15.02.2008 22:00:00
  • Last modified 09.04.2025 00:30:58

SQL injection vulnerability in index.php in the MGFi XfaQ (com_xfaq) 1.2 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an answer action.

7.5

CVE-2008-0561

Exploit
  • EPSS 0.01%
  • Published 04.02.2008 23:00:00
  • Last modified 09.04.2025 00:30:58

SQL injection vulnerability in index.php in the Arthur Konze AkoGallery (com_akogallery) 2.5 beta component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.

7.5

CVE-2008-0517

  • EPSS 0.01%
  • Published 31.01.2008 20:00:00
  • Last modified 09.04.2025 00:30:58

SQL injection vulnerability in index.php in the Darko Selesi EstateAgent (com_estateagent) 0.1 component for Mambo 4.5.x and Joomla! allows remote attackers to execute arbitrary SQL commands via the objid parameter in a contact showObject action.

7.5

CVE-2008-0510

Exploit
  • EPSS 0.01%
  • Published 31.01.2008 20:00:00
  • Last modified 09.04.2025 00:30:58

SQL injection vulnerability in index.php in the Newsletter (com_newsletter) component for Mambo 4.5 and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter.

4.3

CVE-2007-6455

  • EPSS 2.52%
  • Published 20.12.2007 00:46:00
  • Last modified 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Mambo 4.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Itemid parameter in a com_frontpage option and the (2) option parameter.

6.8

CVE-2007-5362

Exploit
  • EPSS 0.23%
  • Published 11.10.2007 01:17:00
  • Last modified 09.04.2025 00:30:58

Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia Lite (com_mosmedia) 4.5.1 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter...