Vulnerabilities > Mambo Foundation
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-05-28 | CVE-2008-2498 | SQL Injection vulnerability in Mambo-Foundation Mambo Multiple SQL injection vulnerabilities in index.php in Mambo before 4.6.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) articleid and (2) mcname parameters. | 7.5 |
2008-05-28 | CVE-2008-2497 | Code Injection vulnerability in Mambo-Foundation Mambo CRLF injection vulnerability in Mambo before 4.6.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | 5.0 |
2008-03-24 | CVE-2008-1465 | SQL Injection vulnerability in Detodas COM Restaurante 1.0 SQL injection vulnerability in the Detodas Restaurante (com_restaurante) 1.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php, a different product than CVE-2008-0562. | 9.3 |
2008-02-15 | CVE-2008-0801 | SQL Injection vulnerability in Paxxgallery COM Paxxgallery 0.2 SQL injection vulnerability in index.php in the PAXXGallery (com_paxxgallery) 0.2 component for Mambo and Joomla! allow remote attackers to execute arbitrary SQL commands via (1) the iid parameter in a view action, and possibly (2) the userid parameter. | 7.5 |