Vulnerabilities > Mambo
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-09-28 | CVE-2009-3434 | SQL Injection vulnerability in Onestopjoomla COM Tupinambis 1.0 SQL injection vulnerability in the Tupinambis (com_tupinambis) component 1.0 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the proyecto parameter in a verproyecto action to index.php. | 7.5 |
| 2009-09-23 | CVE-2009-3333 | Code Injection vulnerability in Alibasta COM Koesubmit 1.0 PHP remote file inclusion vulnerability in koesubmit.php in the koeSubmit (com_koesubmit) component 1.0 for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 7.5 |
| 2009-05-28 | CVE-2008-6814 | Improper Input Validation vulnerability in JAN DE Graaff COM Simpleboard Unrestricted file upload vulnerability in image_upload.php in the SimpleBoard (com_simpleboard) component 1.0.1 and earlier for Mambo allows remote attackers to execute arbitrary code by uploading a file with an executable extension and an image/jpeg content type, then accessing this file via a direct request to the file in components/com_simpleboard/, a different vulnerability than CVE-2006-3528. | 6.8 |
| 2009-04-07 | CVE-2008-6653 | SQL Injection vulnerability in Wh-Com COM Webhosting SQL injection vulnerability in webhosting.php in the Webhosting Component (com_webhosting) module before 1.1 RC7 for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. | 7.5 |
| 2009-02-24 | CVE-2009-0730 | SQL Injection vulnerability in Gigcalendar COM Gigcalendar 1.0 Multiple SQL injection vulnerabilities in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla!, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the gigcal _venues_id parameter in a details action to index.php, which is not properly handled by venuedetails.php, and (2) the gigcal_bands_id parameter in a details action to index.php, which is not properly handled by banddetails.php, different vectors than CVE-2009-0726. | 6.8 |
| 2009-02-24 | CVE-2009-0726 | SQL Injection vulnerability in Gigcalendar COM Gigcalendar 1.0 SQL injection vulnerability in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the gigcal_gigs_id parameter in a details action to index.php. | 7.5 |
| 2009-02-23 | CVE-2009-0706 | SQL Injection vulnerability in Simple-Review COM Simple Review 1.3.5 SQL injection vulnerability in the Simple Review (com_simple_review) component 1.3.5 for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the category parameter to index.php. | 7.5 |
| 2008-12-17 | CVE-2008-5643 | SQL Injection vulnerability in Joomla COM Books SQL injection vulnerability in the Books (com_books) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the book_id parameter in a book_details action to index.php. | 7.5 |
| 2008-11-25 | CVE-2008-5226 | SQL Injection vulnerability in multiple products SQL injection vulnerability in the MambAds (com_mambads) component 1.0 RC1 Beta and 1.0 RC1 for Mambo allows remote attackers to execute arbitrary SQL commands via the ma_cat parameter in a view action to index.php, a different vector than CVE-2007-5177. | 7.5 |
| 2008-11-24 | CVE-2008-5208 | SQL Injection vulnerability in Joomla COM Datsogallery 1.6 SQL injection vulnerability in sub_votepic.php in the Datsogallery (com_datsogallery) module 1.6 for Joomla! allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header. | 7.5 |