Vulnerabilities > Mambo

DATE CVE VULNERABILITY TITLE RISK
2009-09-28 CVE-2009-3434 SQL Injection vulnerability in Onestopjoomla COM Tupinambis 1.0
SQL injection vulnerability in the Tupinambis (com_tupinambis) component 1.0 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the proyecto parameter in a verproyecto action to index.php.
network
low complexity
onestopjoomla joomla mambo CWE-89
7.5
2009-09-23 CVE-2009-3333 Code Injection vulnerability in Alibasta COM Koesubmit 1.0
PHP remote file inclusion vulnerability in koesubmit.php in the koeSubmit (com_koesubmit) component 1.0 for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
network
low complexity
mambo alibasta CWE-94
7.5
2009-05-28 CVE-2008-6814 Improper Input Validation vulnerability in JAN DE Graaff COM Simpleboard
Unrestricted file upload vulnerability in image_upload.php in the SimpleBoard (com_simpleboard) component 1.0.1 and earlier for Mambo allows remote attackers to execute arbitrary code by uploading a file with an executable extension and an image/jpeg content type, then accessing this file via a direct request to the file in components/com_simpleboard/, a different vulnerability than CVE-2006-3528.
6.8
2009-04-07 CVE-2008-6653 SQL Injection vulnerability in Wh-Com COM Webhosting
SQL injection vulnerability in webhosting.php in the Webhosting Component (com_webhosting) module before 1.1 RC7 for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
network
low complexity
joomla mambo wh-com CWE-89
7.5
2009-02-24 CVE-2009-0730 SQL Injection vulnerability in Gigcalendar COM Gigcalendar 1.0
Multiple SQL injection vulnerabilities in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla!, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the gigcal _venues_id parameter in a details action to index.php, which is not properly handled by venuedetails.php, and (2) the gigcal_bands_id parameter in a details action to index.php, which is not properly handled by banddetails.php, different vectors than CVE-2009-0726.
6.8
2009-02-24 CVE-2009-0726 SQL Injection vulnerability in Gigcalendar COM Gigcalendar 1.0
SQL injection vulnerability in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the gigcal_gigs_id parameter in a details action to index.php.
network
low complexity
gigcalendar joomla mambo CWE-89
7.5
2009-02-23 CVE-2009-0706 SQL Injection vulnerability in Simple-Review COM Simple Review 1.3.5
SQL injection vulnerability in the Simple Review (com_simple_review) component 1.3.5 for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the category parameter to index.php.
network
low complexity
simple-review joomla mambo CWE-89
7.5
2008-12-17 CVE-2008-5643 SQL Injection vulnerability in Joomla COM Books
SQL injection vulnerability in the Books (com_books) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the book_id parameter in a book_details action to index.php.
network
low complexity
joomla mambo CWE-89
7.5
2008-11-25 CVE-2008-5226 SQL Injection vulnerability in multiple products
SQL injection vulnerability in the MambAds (com_mambads) component 1.0 RC1 Beta and 1.0 RC1 for Mambo allows remote attackers to execute arbitrary SQL commands via the ma_cat parameter in a view action to index.php, a different vector than CVE-2007-5177.
network
low complexity
mambads joomla mambo CWE-89
7.5
2008-11-24 CVE-2008-5208 SQL Injection vulnerability in Joomla COM Datsogallery 1.6
SQL injection vulnerability in sub_votepic.php in the Datsogallery (com_datsogallery) module 1.6 for Joomla! allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header.
network
low complexity
joomla mambo CWE-89
7.5