Vulnerabilities > Mambo Foundation > Mambo > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2012-09-06 | CVE-2006-7247 | SQL Injection vulnerability in Joomla COM Weblinks SQL injection vulnerability in the Weblinks (com_weblinks) component for Joomla! and Mambo 1.0.9 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter. | 7.5 |
| 2011-12-08 | CVE-2011-2917 | SQL Injection vulnerability in Mambo-Foundation Mambo SQL injection vulnerability in administrator/index2.php in Mambo CMS 4.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the zorder parameter. | 7.5 |
| 2011-10-09 | CVE-2010-4944 | SQL Injection vulnerability in Joomla COM Elite Experts SQL injection vulnerability in the Elite Experts (com_elite_experts) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showExpertProfileDetailed action to index.php. | 7.5 |
| 2009-12-30 | CVE-2009-4474 | SQL Injection vulnerability in Mikedeboer COM Zoom 2.0 SQL injection vulnerability in the Mike de Boer zoom (com_zoom) component 2.0 for Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. | 7.5 |
| 2009-03-17 | CVE-2008-6481 | SQL Injection vulnerability in Joomprod COM Versioning 1.0.2 SQL injection vulnerability in the Versioning component (com_versioning) 1.0.2 in Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit task to index.php. | 7.5 |
| 2009-02-21 | CVE-2008-6234 | SQL Injection vulnerability in multiple products SQL injection vulnerability in the com_musica module in Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. | 7.5 |
| 2008-10-20 | CVE-2008-4617 | SQL Injection vulnerability in Pyxicom Actualite 1.0 SQL injection vulnerability in the actualite module 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
| 2008-05-28 | CVE-2008-2498 | SQL Injection vulnerability in Mambo-Foundation Mambo Multiple SQL injection vulnerabilities in index.php in Mambo before 4.6.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) articleid and (2) mcname parameters. | 7.5 |
| 2008-02-15 | CVE-2008-0801 | SQL Injection vulnerability in Paxxgallery COM Paxxgallery 0.2 SQL injection vulnerability in index.php in the PAXXGallery (com_paxxgallery) 0.2 component for Mambo and Joomla! allow remote attackers to execute arbitrary SQL commands via (1) the iid parameter in a view action, and possibly (2) the userid parameter. | 7.5 |