Vulnerabilities > Mambo

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2007-08-21 | CVE-2007-4456 | SQL Injection vulnerability in multiple products | SQL injection vulnerability in index.php in the SimpleFAQ (com_simplefaq) 2.11 component for Mambo allows remote attackers to execute arbitrary SQL commands via the aid parameter. | network, low complexity, mambo, parkview-consultants, CWE-89 | 7.5 |
| 2007-08-08 | CVE-2007-4203 | Improper Authentication vulnerability in Mambo Open Source 4.6.2 | Session fixation vulnerability in Mambo 4.6.2 CMS allows remote attackers to hijack web sessions by setting the Cookie parameter. | network, mambo, CWE-287 | critical 9.3 |
| 2007-05-09 | CVE-2007-2557 | Remote Security vulnerability in Mambo 4.6.1 | MOStlyDB Admin in Mambo 4.6.1 does not properly check privileges, which allows remote authenticated administrators to have an unknown impact via unspecified vectors. | network, low complexity, mambo | 4.0 |
| 2007-05-09 | CVE-2006-7202 | Unspecified vulnerability in Mambo Open Source 4.6.1 | The dofreePDF function in includes/pdf.php in Mambo 4.6.1 does not properly check access rights for database content, which allows remote attackers to read certain content via unspecified vectors. | network, low complexity, mambo | 7.8 |
| 2007-04-16 | CVE-2007-2049 | Remote File Include vulnerability in Mambo Calendar 1.5.5 | Multiple PHP remote file inclusion vulnerabilities in the Calendar Module (com_calendar) 1.5.5 for Mambo allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) com_calendar.php or (2) mod_calendar.php. | network, mambo | 6.8 |
| 2007-04-12 | CVE-2007-2005 | Code Injection vulnerability in multiple products | Multiple PHP remote file inclusion vulnerabilities in the Taskhopper 1.1 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) contact_type.php, (2) itemstatus_type.php, (3) projectstatus_type.php, (4) request_type.php, (5) responses_type.php, (6) timelog_type.php, or (7) urgency_type.php in inc/. | network, joomla, mambo, CWE-94 | 6.8 |
| 2007-03-27 | CVE-2007-1702 | Remote File Include vulnerability in Mambo FlatMenu Module MosConfig_Absolute_Path | PHP remote file inclusion vulnerability in mod_flatmenu.php in the Flatmenu 1.07 and earlier Mambo module allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | network, mambo | 6.8 |
| 2007-03-27 | CVE-2007-1699 | Remote File Include vulnerability in Mambo SWMenu MosConfig_Absolute_Path Parameter | Multiple PHP remote file inclusion vulnerabilities in the SWmenu (com_swmenupro and com_swmenufree) 4.0 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to ImageManager/Classes/ImageManager.php under the (1) components/ or (2) administrator/components/ directory trees. | network, low complexity, joomla, mambo | critical 10.0 |
| 2007-03-22 | CVE-2007-1596 | Remote File Include vulnerability in NFN Address Book mosConfig_Absolute_Path | Multiple PHP remote file inclusion vulnerabilities in the NFN Address Book (com_nfn_addressbook) 0.4 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) components/com_nfn_addressbook/nfnaddressbook.php or (2) administrator/components/com_nfn_addressbook/nfnaddressbook.php. | network, joomla, mambo | critical 9.3 |
| 2007-03-07 | CVE-2006-7150 | SQL-Injection vulnerability in Mambo Open Source 4.6/4.6.1 | Multiple SQL injection vulnerabilities in Mambo 4.6.x allow remote attackers to execute arbitrary SQL commands via the mcname parameter to (1) moscomment.php and (2) com_comment.php. | network, low complexity, mambo | 7.5 |