Mambo

Mambo

26 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2007-5177

Exploit
  • EPSS 0.33%
  • Published 03.10.2007 14:17:00
  • Last modified 09.04.2025 00:30:58

SQL injection vulnerability in index.php in the MambAds (com_mambads) 1.5 and earlier component for Mambo allows remote attackers to execute arbitrary SQL commands via the caid parameter.

7.5

CVE-2007-4456

Exploit
  • EPSS 0.68%
  • Published 21.08.2007 21:17:00
  • Last modified 09.04.2025 00:30:58

SQL injection vulnerability in index.php in the SimpleFAQ (com_simplefaq) 2.11 component for Mambo allows remote attackers to execute arbitrary SQL commands via the aid parameter. NOTE: it was later reported that 2.40 is also affected, and that the ...

4

CVE-2007-2557

  • EPSS 0.19%
  • Published 09.05.2007 18:19:00
  • Last modified 09.04.2025 00:30:58

MOStlyDB Admin in Mambo 4.6.1 does not properly check privileges, which allows remote authenticated administrators to have an unknown impact via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solel...

4.3

CVE-2006-7149

Exploit
  • EPSS 0.38%
  • Published 07.03.2007 20:19:00
  • Last modified 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.x allow remote attackers to inject arbitrary web script or HTML via (1) the query string to (a) index.php, which reflects the string in an error message from mod_login.php; and the (2) ...

6.8

CVE-2007-0789

  • EPSS 0.45%
  • Published 06.02.2007 19:28:00
  • Last modified 09.04.2025 00:30:58

SQL injection vulnerability in Mambo before 4.5.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors in cancel edit functions, possibly related to the id parameter.

7.5

CVE-2007-0374

Exploit
  • EPSS 0.01%
  • Published 19.01.2007 23:28:00
  • Last modified 09.04.2025 00:30:58

SQL injection vulnerability in (1) Joomla! 1.0.11 and 1.5 Beta, and (2) Mambo 4.6.1, allows remote attackers to execute arbitrary SQL commands via the id parameter when cancelling content editing.

7.5

CVE-2006-4286

  • EPSS 1.06%
  • Published 22.08.2006 17:04:00
  • Last modified 03.04.2025 01:03:51

PHP remote file inclusion vulnerability in contentpublisher.php in the contentpublisher component (com_contentpublisher) for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this i...

7.5

CVE-2006-3263

  • EPSS 0.51%
  • Published 27.06.2006 21:05:00
  • Last modified 03.04.2025 01:03:51

SQL injection vulnerability in the Weblinks module (weblinks.php) in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter.

7.5

CVE-2006-3262

Exploit
  • EPSS 3.79%
  • Published 27.06.2006 21:05:00
  • Last modified 03.04.2025 01:03:51

SQL injection vulnerability in the Weblinks module (weblinks.php) in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter.

5

CVE-2006-1956

Exploit
  • EPSS 0.01%
  • Published 21.04.2006 10:02:00
  • Last modified 03.04.2025 01:03:51

The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows remote attackers to obtain sensitive information via an invalid feed parameter, which reveals the path in an error message.