Vulnerabilities > Mambo Foundation

DATE CVE VULNERABILITY TITLE RISK
2008-05-28 CVE-2008-2498 SQL Injection vulnerability in Mambo-Foundation Mambo
Multiple SQL injection vulnerabilities in index.php in Mambo before 4.6.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) articleid and (2) mcname parameters.
network
low complexity
mambo-foundation CWE-89
7.5
2008-05-28 CVE-2008-2497 Code Injection vulnerability in Mambo-Foundation Mambo
CRLF injection vulnerability in Mambo before 4.6.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
network
low complexity
mambo-foundation CWE-94
5.0
2008-03-24 CVE-2008-1465 SQL Injection vulnerability in Detodas COM Restaurante 1.0
SQL injection vulnerability in the Detodas Restaurante (com_restaurante) 1.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php, a different product than CVE-2008-0562.
9.3
2008-02-15 CVE-2008-0801 SQL Injection vulnerability in Paxxgallery COM Paxxgallery 0.2
SQL injection vulnerability in index.php in the PAXXGallery (com_paxxgallery) 0.2 component for Mambo and Joomla! allow remote attackers to execute arbitrary SQL commands via (1) the iid parameter in a view action, and possibly (2) the userid parameter.
network
low complexity
paxxgallery joomla mambo-foundation CWE-89
7.5