Vulnerabilities (CVE)

Filtered by vendor Mambo Subscribe
Total 123 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-0721 1 Mambo 1 Com Sermon 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in index.php in the Sermon (com_sermon) 0.2 component for Mambo allows remote attackers to execute arbitrary SQL commands via the gid parameter.
CVE-2008-0686 2 Joomla, Mambo 2 Com Neoreferences, Com Neoreferences 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in index.php in the NeoReferences (com_neoreferences) 1.3.1 and 1.3.3 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter.
CVE-2008-0652 2 Joomla, Mambo 2 Com Downloads, Com Downloads 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in index.php in the Downloads (com_downloads) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the filecatid parameter in a selectfolder action.
CVE-2008-0607 3 Joomla, Mambo, Sigsiu.net 3 Com Sobi2, Com Sobi2, Sobi2 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in index.php in the Sigsiu Online Business Index 2 (SOBI2, com_sobi2) 2.5.3 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-0606 3 Joomla, Mambo, Phil Taylor 3 Com Shambo2, Com Shambo2, Shambo2 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in index.php in the Shambo2 (com_shambo2) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter.
CVE-2008-0603 3 Amazoop, Joomla, Mambo 3 Awesom, Com Awesom, Com Awesom 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in index.php in the amazOOP Awesom! (com_awesom) 0.3.2component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter in a viewlist task.
CVE-2008-0561 3 Arthur Konze Webdesign, Joomla, Mambo 3 Akogallery, Joomla, Mambo 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in index.php in the Arthur Konze AkoGallery (com_akogallery) 2.5 beta component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.
CVE-2008-0519 2 Joomla, Mambo 2 Com Jokes, Com Jokes 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in index.php in the Atapin Jokes (com_jokes) 1.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a CatView action.
CVE-2008-0518 2 Joomla, Mambo 2 Com Recipes, Com Recipes 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in index.php in the Recipes (com_recipes) 1.00 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.
CVE-2008-0517 3 Darko Selesi, Joomla, Mambo 3 Estateagent, Joomla, Mambo 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in index.php in the Darko Selesi EstateAgent (com_estateagent) 0.1 component for Mambo 4.5.x and Joomla! allows remote attackers to execute arbitrary SQL commands via the objid parameter in a contact showObject action.
CVE-2008-0515 2 Joomla, Mambo 2 Musepoes Component, Musepoes Component 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in index.php in the musepoes (com_musepoes) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an answer action.
CVE-2008-0514 2 Joomla, Mambo 2 Glossary, Glossary 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in index.php in the Glossary (com_glossary) 2.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a display action.
CVE-2008-0511 2 Joomla, Mambo 2 Com Mamml, Com Mamml 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in index.php in the MaMML (com_mamml) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter.
CVE-2008-0510 2 Joomla, Mambo 3 Com Newsletter, Com Newsletter, Mambo 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in index.php in the Newsletter (com_newsletter) component for Mambo 4.5 and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter.
CVE-2008-0261 1 Mambo 1 Mambo Open Source 2024-11-21 5.0 MEDIUM N/A
Unspecified vulnerability in the search component and module in Mambo 4.5.x and 4.6.x allows remote attackers to cause a denial of service (query flood) via unspecified vectors.
CVE-2007-6455 1 Mambo 1 Mambo 2024-11-21 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Mambo 4.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Itemid parameter in a com_frontpage option and the (2) option parameter.
CVE-2007-5362 3 Ag-solutions, Joomla, Mambo 3 Mosmedia Lite, Joomla, Mambo 2024-11-21 6.8 MEDIUM N/A
Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia Lite (com_mosmedia) 4.5.1 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) credits.html.php, (2) info.html.php, (3) media.divs.php, (4) media.divs.js.php, (5) purchase.html.php, or (6) support.html.php in includes/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: vector 3 may be the same as CVE-2007-2043.2.
CVE-2007-5177 2 Mambads, Mambo 2 Mambads, Mambo 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in index.php in the MambAds (com_mambads) 1.5 and earlier component for Mambo allows remote attackers to execute arbitrary SQL commands via the caid parameter.
CVE-2007-4745 2 Joomla, Mambo 2 Akobook, Mambo Site Server 2024-11-21 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the AkoBook 3.42 and earlier component (com_akobook) for Mambo allow remote attackers to inject arbitrary web script or HTML via Javascript events in the (1) gbmail and (2) gbpage parameters in the sign function.
CVE-2007-4505 2 Mambo, Mamboserver 2 Remository, Mambo 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in index.php in the RemoSitory component (com_remository) for Mambo allows remote attackers to execute arbitrary SQL commands via the cat parameter in a selectcat action.