Total
40 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-4777 | 2 Joomla, Mambo | 3 Com Lms, Joomla, Mambo | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Showroom Joomlearn LMS (com_lms) component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the cat parameter in a showTests task. | |||||
CVE-2008-0510 | 2 Joomla, Mambo | 3 Com Newsletter, Com Newsletter, Mambo | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in the Newsletter (com_newsletter) component for Mambo 4.5 and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter. | |||||
CVE-2007-4456 | 2 Mambo, Parkview Consultants | 2 Mambo, Simplefaq | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in the SimpleFAQ (com_simplefaq) 2.11 component for Mambo allows remote attackers to execute arbitrary SQL commands via the aid parameter. NOTE: it was later reported that 2.40 is also affected, and that the component can be used in Joomla! in addition to Mambo. | |||||
CVE-2007-5177 | 2 Mambads, Mambo | 2 Mambads, Mambo | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in the MambAds (com_mambads) 1.5 and earlier component for Mambo allows remote attackers to execute arbitrary SQL commands via the caid parameter. | |||||
CVE-2008-0561 | 3 Arthur Konze Webdesign, Joomla, Mambo | 3 Akogallery, Joomla, Mambo | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in the Arthur Konze AkoGallery (com_akogallery) 2.5 beta component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action. | |||||
CVE-2007-5362 | 3 Ag-solutions, Joomla, Mambo | 3 Mosmedia Lite, Joomla, Mambo | 2023-12-10 | 6.8 MEDIUM | N/A |
Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia Lite (com_mosmedia) 4.5.1 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) credits.html.php, (2) info.html.php, (3) media.divs.php, (4) media.divs.js.php, (5) purchase.html.php, or (6) support.html.php in includes/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: vector 3 may be the same as CVE-2007-2043.2. | |||||
CVE-2008-0795 | 3 Joomla, Mambo, Mgfi | 3 Joomla, Mambo, Xfaq | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in the MGFi XfaQ (com_xfaq) 1.2 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an answer action. | |||||
CVE-2007-0374 | 2 Joomla, Mambo | 2 Joomla, Mambo | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in (1) Joomla! 1.0.11 and 1.5 Beta, and (2) Mambo 4.6.1, allows remote attackers to execute arbitrary SQL commands via the id parameter when cancelling content editing. | |||||
CVE-2006-7149 | 1 Mambo | 1 Mambo | 2023-12-10 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.x allow remote attackers to inject arbitrary web script or HTML via (1) the query string to (a) index.php, which reflects the string in an error message from mod_login.php; and the (2) mcname parameter to (b) moscomment.php and (c) com_comment.php. | |||||
CVE-2007-2557 | 1 Mambo | 1 Mambo | 2023-12-10 | 4.0 MEDIUM | N/A |
MOStlyDB Admin in Mambo 4.6.1 does not properly check privileges, which allows remote authenticated administrators to have an unknown impact via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2007-6455 | 1 Mambo | 1 Mambo | 2023-12-10 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Mambo 4.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Itemid parameter in a com_frontpage option and the (2) option parameter. | |||||
CVE-2008-0517 | 3 Darko Selesi, Joomla, Mambo | 3 Estateagent, Joomla, Mambo | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in the Darko Selesi EstateAgent (com_estateagent) 0.1 component for Mambo 4.5.x and Joomla! allows remote attackers to execute arbitrary SQL commands via the objid parameter in a contact showObject action. | |||||
CVE-2008-0829 | 3 Joomla, Joomlapixel, Mambo | 3 Joomla, Jooget, Mambo | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in jooget.php in the Joomlapixel Jooget! (com_jooget) 2.6.8 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail task. | |||||
CVE-2006-1794 | 1 Mambo | 1 Mambo | 2023-12-10 | 7.6 HIGH | N/A |
SQL injection vulnerability in Mambo 4.5.3, 4.5.3h, and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via (1) the $username variable in the mosGetParam function and (2) the $task parameter in the mosMenuCheck function in (a) includes/mambo.php; and (3) the $filter variable to the showCategory function in the com_content component (content.php). | |||||
CVE-2005-2002 | 1 Mambo | 1 Mambo | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in content.php in Mambo 4.5.2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user_rating parameter. | |||||
CVE-2005-0512 | 1 Mambo | 1 Mambo | 2023-12-10 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in Tar.php in Mambo 4.5.2 allows remote attackers to execute arbitrary PHP code by modifying the mosConfig_absolute_path parameter to reference a URL on a remote web server that contains the code, a different vulnerability than CVE-2004-1693. | |||||
CVE-2006-3262 | 1 Mambo | 1 Mambo | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Weblinks module (weblinks.php) in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter. | |||||
CVE-2006-3263 | 1 Mambo | 1 Mambo | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Weblinks module (weblinks.php) in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||||
CVE-2006-0871 | 1 Mambo | 1 Mambo | 2023-12-10 | 6.4 MEDIUM | N/A |
Directory traversal vulnerability in the _setTemplate function in Mambo 4.5.3, 4.5.3h, and possibly earlier versions allows remote attackers to read and include arbitrary files via the mos_change_template parameter. NOTE: CVE-2006-1794 has been assigned to the SQL injection vector. | |||||
CVE-2004-1693 | 1 Mambo | 1 Mambo | 2023-12-10 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in Function.php in Mambo 4.5 (1.0.9) allows remote attackers to execute arbitrary PHP code by modifying the mosConfig_absolute_path parameter to reference a URL on a remote web server that contains the code. |