DATE | CVE | VULNERABILITY TITLE | RISK

2008-11-21 | CVE-2008-5200 | SQL Injection vulnerability in Joomla COM Xewebtv | 7.5
    SQL injection vulnerability in the Xe webtv (com_xewebtv) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
    network | low complexity | joomla mambo CWE-89

2008-10-29 | CVE-2008-4777 | SQL Injection vulnerability in Joomla COM LMS | 7.5
    SQL injection vulnerability in the Showroom Joomlearn LMS (com_lms) component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the cat parameter in a showTests task.
    network | low complexity | joomla mambo CWE-89

2008-08-19 | CVE-2008-3712 | Cross-Site Scripting vulnerability in Mambo 4.6.2/4.6.5 | 2.6
    Multiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.2 and 4.6.5, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) query string to mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php and the (2) mosConfig_sitename parameter to administrator/popups/index3pop.php.
    network | high complexity | mambo CWE-79

2008-06-30 | CVE-2008-2905 | Code Injection vulnerability in Mambo | 6.8
    PHP remote file inclusion vulnerability in includes/Cache/Lite/Output.php in the Cache_Lite package in Mambo 4.6.4 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
    network | mambo CWE-94

2008-04-16 | CVE-2008-1849 | Path Traversal vulnerability in Joomlacode Joomlaexplorer | 5.0
    Directory traversal vulnerability in index.php in the joomlaXplorer (com_joomlaxplorer) Mambo/Joomla! component 1.6.2 and earlier allows remote attackers to list arbitrary directories via a ..
    network | low complexity | joomlacode joomla mambo CWE-22

2008-03-24 | CVE-2008-1460 | SQL Injection vulnerability in Joomlapixel COM Joovideo 1.0/1.2.2 | 7.5
    SQL injection vulnerability in the Joovideo (com_joovideo) 1.0 and 1.2.2 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
    network | low complexity | joomla mambo joomlapixel CWE-89

2008-03-24 | CVE-2008-1459 | SQL Injection vulnerability in multiple products | 7.5
    SQL injection vulnerability in the Alberghi (com_alberghi) 2.1.3 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
    network | low complexity | joomla mambo joomlaitalia mamboitalia CWE-89

2008-02-19 | CVE-2008-0829 | SQL Injection vulnerability in multiple products | 7.5
    SQL injection vulnerability in jooget.php in the Joomlapixel Jooget! (com_jooget) 2.6.8 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail task.
    network | low complexity | joomla joomlapixel mambo CWE-89

2008-02-15 | CVE-2008-0795 | SQL Injection vulnerability in multiple products | 7.5
    SQL injection vulnerability in index.php in the MGFi XfaQ (com_xfaq) 1.2 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an answer action.
    network | low complexity | joomla mambo mgfi CWE-89

2008-02-04 | CVE-2008-0561 | SQL Injection vulnerability in multiple products | 7.5
    SQL injection vulnerability in index.php in the Arthur Konze AkoGallery (com_akogallery) 2.5 beta component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.
    network | low complexity | arthur-konze-webdesign joomla mambo CWE-89