Vulnerabilities > Mambo Foundation

DATE CVE VULNERABILITY TITLE RISK
2020-02-12 CVE-2011-2499 Cross-site Scripting vulnerability in Mambo-Foundation Mambo CMS
Mambo CMS through 4.6.5 has multiple XSS.
4.3
2019-02-15 CVE-2013-2565 Path Traversal vulnerability in Mambo-Foundation Mambo CMS 4.6.5
A vulnerability in Mambo CMS v4.6.5 where the scripts thumbs.php, editorFrame.php, editor.php, images.php, manager.php discloses the root path of the webserver.
network
low complexity
mambo-foundation CWE-22
5.0
2014-06-09 CVE-2013-2564 Resource Management Errors vulnerability in Mambo-Foundation Mambo CMS 4.6.5
Mambo CMS 4.6.5 allows remote attackers to cause a denial of service (memory and bandwidth consumption) by uploading a crafted file.
network
low complexity
mambo-foundation CWE-399
5.0
2014-06-09 CVE-2013-2563 Permissions, Privileges, and Access Controls vulnerability in Mambo-Foundation Mambo CMS 4.6.5
Mambo CMS 4.6.5 uses world-readable permissions on configuration.php, which allows local users to obtain the admin password hash by reading the file.
local
low complexity
mambo-foundation CWE-264
2.1
2014-06-09 CVE-2013-2562 Credentials Management vulnerability in Mambo-Foundation Mambo CMS 4.6.5
Mambo CMS 4.6.5 stores the MySQL database password in cleartext in the document root, which allows local users to obtain sensitive information via unspecified vectors.
local
low complexity
mambo-foundation CWE-255
2.1
2012-09-06 CVE-2006-7247 SQL Injection vulnerability in Joomla COM Weblinks
SQL injection vulnerability in the Weblinks (com_weblinks) component for Joomla! and Mambo 1.0.9 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter.
network
low complexity
joomla mambo-foundation CWE-89
7.5
2011-12-08 CVE-2011-2917 SQL Injection vulnerability in Mambo-Foundation Mambo
SQL injection vulnerability in administrator/index2.php in Mambo CMS 4.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the zorder parameter.
network
low complexity
mambo-foundation CWE-89
7.5
2011-10-09 CVE-2010-4944 SQL Injection vulnerability in Joomla COM Elite Experts
SQL injection vulnerability in the Elite Experts (com_elite_experts) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showExpertProfileDetailed action to index.php.
network
low complexity
joomla mambo-foundation CWE-89
7.5
2011-09-23 CVE-2011-3754 Information Exposure vulnerability in Mambo-Foundation Mambo 4.6.5
Mambo 4.6.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/sef.php and certain other files.
network
low complexity
mambo-foundation CWE-200
5.0
2010-01-06 CVE-2009-4579 Cross-Site Scripting vulnerability in Joomla COM Artistavenue
Cross-site scripting (XSS) vulnerability in the Artist avenue (com_artistavenue) component for Joomla! and Mambo allows remote attackers to inject arbitrary web script or HTML via the Itemid parameter to index.php.
4.3