- EPSS 0.59%
- Published 11.09.2009 16:30:00
- Last modified 09.04.2025 00:30:58
MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to obtain sensitive information via certain requests to mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php, which reveals the installati...
CVE-2008-7213
- EPSS 1.03%
- Published 11.09.2009 16:30:00
- Last modified 09.04.2025 00:30:58
Cross-site scripting (XSS) vulnerability in mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to inject arbitrary web script or HTML...
CVE-2008-7214
- EPSS 0.3%
- Published 11.09.2009 16:30:00
- Last modified 09.04.2025 00:30:58
Cross-site request forgery (CSRF) vulnerability in administrator/index2.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to hijack the authentication of administrators for requests that add new administrator acc...
CVE-2008-7215
- EPSS 2.1%
- Published 11.09.2009 16:30:00
- Last modified 09.04.2025 00:30:58
The Image Manager in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to rename arbitrary files and cause a denial of service via modified file[NewFile][name], file[NewFile][tmp_name], and file[NewFile][size] parameter...