Vulnerabilities > Mambo > Mambo Open Source > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-05-09 | CVE-2006-7202 | Unspecified vulnerability in Mambo Open Source 4.6.1 The dofreePDF function in includes/pdf.php in Mambo 4.6.1 does not properly check access rights for database content, which allows remote attackers to read certain content via unspecified vectors. | 7.8 |
| 2007-03-07 | CVE-2006-7150 | SQL-Injection vulnerability in Mambo Open Source 4.6/4.6.1 Multiple SQL injection vulnerabilities in Mambo 4.6.x allow remote attackers to execute arbitrary SQL commands via the mcname parameter to (1) moscomment.php and (2) com_comment.php. | 7.5 |