Vulnerabilities > Mambo Foundation > Mambo
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-09-11 | CVE-2008-7213 | Cross-Site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to inject arbitrary web script or HTML via the Command parameter. | 4.3 |
| 2009-09-11 | CVE-2008-7212 | Permissions, Privileges, and Access Controls vulnerability in multiple products MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to obtain sensitive information via certain requests to mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php, which reveals the installation path in an error message. | 5.0 |
| 2009-03-17 | CVE-2008-6481 | SQL Injection vulnerability in Joomprod COM Versioning 1.0.2 SQL injection vulnerability in the Versioning component (com_versioning) 1.0.2 in Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit task to index.php. | 7.5 |
| 2009-02-21 | CVE-2008-6234 | SQL Injection vulnerability in multiple products SQL injection vulnerability in the com_musica module in Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. | 7.5 |
| 2008-10-20 | CVE-2008-4617 | SQL Injection vulnerability in Pyxicom Actualite 1.0 SQL injection vulnerability in the actualite module 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
| 2008-05-28 | CVE-2008-2498 | SQL Injection vulnerability in Mambo-Foundation Mambo Multiple SQL injection vulnerabilities in index.php in Mambo before 4.6.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) articleid and (2) mcname parameters. | 7.5 |
| 2008-05-28 | CVE-2008-2497 | Code Injection vulnerability in Mambo-Foundation Mambo CRLF injection vulnerability in Mambo before 4.6.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | 5.0 |
| 2008-03-24 | CVE-2008-1465 | SQL Injection vulnerability in Detodas COM Restaurante 1.0 SQL injection vulnerability in the Detodas Restaurante (com_restaurante) 1.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php, a different product than CVE-2008-0562. | 9.3 |
| 2008-02-15 | CVE-2008-0801 | SQL Injection vulnerability in Paxxgallery COM Paxxgallery 0.2 SQL injection vulnerability in index.php in the PAXXGallery (com_paxxgallery) 0.2 component for Mambo and Joomla! allow remote attackers to execute arbitrary SQL commands via (1) the iid parameter in a view action, and possibly (2) the userid parameter. | 7.5 |