Vulnerabilities (CVE)

Filtered by vendor Mambo Subscribe
Total 123 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-4456 2 Mambo, Parkview Consultants 2 Mambo, Simplefaq 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in index.php in the SimpleFAQ (com_simplefaq) 2.11 component for Mambo allows remote attackers to execute arbitrary SQL commands via the aid parameter. NOTE: it was later reported that 2.40 is also affected, and that the component can be used in Joomla! in addition to Mambo.
CVE-2007-4203 1 Mambo 1 Mambo Open Source 2024-11-21 9.3 HIGH N/A
Session fixation vulnerability in Mambo 4.6.2 CMS allows remote attackers to hijack web sessions by setting the Cookie parameter.
CVE-2007-2557 1 Mambo 1 Mambo 2024-11-21 4.0 MEDIUM N/A
MOStlyDB Admin in Mambo 4.6.1 does not properly check privileges, which allows remote authenticated administrators to have an unknown impact via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-2196 2 Joomla, Mambo 2 Jambook, Jambook 2024-11-21 6.8 MEDIUM N/A
** DISPUTED ** PHP remote file inclusion vulnerability in jambook.php in the Jambook (com_Jambook) 1.0 beta7 module for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this issue has been disputed by a reliable third party because the jambook.php protects against direct request.
CVE-2007-2049 1 Mambo 1 Mambo Calendar 2024-11-21 6.8 MEDIUM N/A
Multiple PHP remote file inclusion vulnerabilities in the Calendar Module (com_calendar) 1.5.5 for Mambo allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) com_calendar.php or (2) mod_calendar.php.
CVE-2007-2005 2 Joomla, Mambo 2 Taskhopper Component, Taskhopper Component 2024-11-21 6.8 MEDIUM N/A
Multiple PHP remote file inclusion vulnerabilities in the Taskhopper 1.1 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) contact_type.php, (2) itemstatus_type.php, (3) projectstatus_type.php, (4) request_type.php, (5) responses_type.php, (6) timelog_type.php, or (7) urgency_type.php in inc/.
CVE-2007-1702 1 Mambo 1 Flatmenu 2024-11-21 6.8 MEDIUM N/A
PHP remote file inclusion vulnerability in mod_flatmenu.php in the Flatmenu 1.07 and earlier Mambo module allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2007-1699 2 Joomla, Mambo 2 Swmenu Component, Swmenu Component 2024-11-21 10.0 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in the SWmenu (com_swmenupro and com_swmenufree) 4.0 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to ImageManager/Classes/ImageManager.php under the (1) components/ or (2) administrator/components/ directory trees.
CVE-2007-1596 2 Joomla, Mambo 2 Nfn Address Book, Nfn Address Book 2024-11-21 9.3 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in the NFN Address Book (com_nfn_addressbook) 0.4 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) components/com_nfn_addressbook/nfnaddressbook.php or (2) administrator/components/com_nfn_addressbook/nfnaddressbook.php.
CVE-2007-0789 1 Mambo 1 Mambo 2024-11-21 6.8 MEDIUM N/A
SQL injection vulnerability in Mambo before 4.5.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors in cancel edit functions, possibly related to the id parameter.
CVE-2007-0374 2 Joomla, Mambo 2 Joomla, Mambo 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in (1) Joomla! 1.0.11 and 1.5 Beta, and (2) Mambo 4.6.1, allows remote attackers to execute arbitrary SQL commands via the id parameter when cancelling content editing.
CVE-2006-7202 1 Mambo 1 Mambo Open Source 2024-11-21 7.8 HIGH N/A
The dofreePDF function in includes/pdf.php in Mambo 4.6.1 does not properly check access rights for database content, which allows remote attackers to read certain content via unspecified vectors.
CVE-2006-7150 1 Mambo 1 Mambo Open Source 2024-11-21 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in Mambo 4.6.x allow remote attackers to execute arbitrary SQL commands via the mcname parameter to (1) moscomment.php and (2) com_comment.php.
CVE-2006-7149 1 Mambo 1 Mambo 2024-11-21 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.x allow remote attackers to inject arbitrary web script or HTML via (1) the query string to (a) index.php, which reflects the string in an error message from mod_login.php; and the (2) mcname parameter to (b) moscomment.php and (c) com_comment.php.
CVE-2006-7104 1 Mambo 1 Mostlyce 2024-11-21 7.5 HIGH N/A
PHP remote file inclusion vulnerability in htmltemplate.php in the Chad Auld MOStlyContent Editor (MOStlyCE) as created on May 2006, a component for Mambo 4.5.4, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2006-6634 1 Mambo 1 Extcalthai Module 2024-11-21 7.5 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in the ExtCalThai (com_extcalendar) 0.9.1 and earlier component for Mambo allow remote attackers to execute arbitrary PHP code via a URL in (1) the CONFIG_EXT[LANGUAGES_DIR] parameter to admin_events.php, (2) the mosConfig_absolute_path parameter to extcalendar.php, or (3) the CONFIG_EXT[LIB_DIR] parameter to lib/mail.inc.php.
CVE-2006-5044 2 Joomla, Mambo 2 Prince Clan Chess Component, Prince Clan Chess Component 2024-11-21 7.5 HIGH N/A
Unspecified vulnerability in Prince Clan (Princeclan) Chess component (com_pcchess) 0.8 and earlier for Mambo and Joomla! has unspecified impact and attack vectors.
CVE-2006-4556 2 Joomla, Mambo 2 Jim Component, Jim Component 2024-11-21 7.5 HIGH N/A
** DISPUTED ** PHP remote file inclusion vulnerability in index.php in the JIM component for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: another researcher has stated that the product distribution does not include an index.php file. Also, this might be related to CVE-2006-4242.
CVE-2006-4553 2 Joomla, Mambo 2 Com Comprofiler Component, Com Comprofiler Component 2024-11-21 6.8 MEDIUM N/A
PHP remote file inclusion vulnerability in plugin.class.php in the com_comprofiler Components 1.0 RC2 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2006-4375 1 Mambo 1 Contacts Xtd Component 2024-11-21 7.5 HIGH N/A
** DISPUTED ** PHP remote file inclusion vulnerability in contxtd.class.php in the Contacts XTD (ContXTD) component for Mambo (com_contxtd) allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: another researcher has disputed this issue, saying that the software prevents the attack by checking whether _VALID_MOS is defined.