DATE | CVE | VULNERABILITY TITLE | RISK

2008-01-31 | CVE-2008-0517 | SQL Injection vulnerability in multiple products | 7.5
SQL injection vulnerability in index.php in the Darko Selesi EstateAgent (com_estateagent) 0.1 component for Mambo 4.5.x and Joomla! allows remote attackers to execute arbitrary SQL commands via the objid parameter in a contact showObject action.
network | low complexity | darko-selesi joomla mambo CWE-89

2008-01-31 | CVE-2008-0510 | SQL Injection vulnerability in multiple products | 7.5
SQL injection vulnerability in index.php in the Newsletter (com_newsletter) component for Mambo 4.5 and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter.
network | low complexity | joomla mambo CWE-89

2007-12-20 | CVE-2007-6455 | Cross-Site Scripting vulnerability in Mambo 4.6.2 | 4.3
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Mambo 4.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Itemid parameter in a com_frontpage option and the (2) option parameter.
network | mambo CWE-79

2007-10-11 | CVE-2007-5362 | Code Injection vulnerability in multiple products | 6.8
Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia Lite (com_mosmedia) 4.5.1 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) credits.html.php, (2) info.html.php, (3) media.divs.php, (4) media.divs.js.php, (5) purchase.html.php, or (6) support.html.php in includes/.

2007-10-03 | CVE-2007-5177 | SQL Injection vulnerability in multiple products | 7.5
SQL injection vulnerability in index.php in the MambAds (com_mambads) 1.5 and earlier component for Mambo allows remote attackers to execute arbitrary SQL commands via the caid parameter.
network | low complexity | mambads mambo CWE-89

2007-08-21 | CVE-2007-4456 | SQL Injection vulnerability in multiple products | 7.5
SQL injection vulnerability in index.php in the SimpleFAQ (com_simplefaq) 2.11 component for Mambo allows remote attackers to execute arbitrary SQL commands via the aid parameter.
network | low complexity | mambo parkview-consultants CWE-89

2007-05-09 | CVE-2007-2557 | Remote Security vulnerability in Mambo 4.6.1 | 4.0
MOStlyDB Admin in Mambo 4.6.1 does not properly check privileges, which allows remote authenticated administrators to have an unknown impact via unspecified vectors.
network | low complexity | mambo

2007-03-07 | CVE-2006-7149 | Cross-Site Scripting vulnerability in Mambo 4.6/4.6.1 | 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.x allow remote attackers to inject arbitrary web script or HTML via (1) the query string to (a) index.php, which reflects the string in an error message from mod_login.php; and the (2) mcname parameter to (b) moscomment.php and (c) com_comment.php.
network | mambo

2007-01-19 | CVE-2007-0374 | SQL Injection vulnerability in Mambo/Joomla CMS ID | 7.5
SQL injection vulnerability in (1) Joomla! 1.0.11 and 1.5 Beta, and (2) Mambo 4.6.1, allows remote attackers to execute arbitrary SQL commands via the id parameter when cancelling content editing.
network | low complexity | joomla mambo

2006-06-27 | CVE-2006-3263 | SQL-Injection vulnerability in Mambo | 7.5
SQL injection vulnerability in the Weblinks module (weblinks.php) in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter.
network | low complexity | mambo