Vulnerabilities > Mambo > Critical
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2007-08-08 | CVE-2007-4203 | Improper Authentication vulnerability in Mambo Open Source 4.6.2 | Session fixation vulnerability in Mambo 4.6.2 CMS allows remote attackers to hijack web sessions by setting the Cookie parameter. | 9.3 |
2007-03-27 | CVE-2007-1699 | Remote File Include vulnerability in Mambo SWMenu MosConfig_Absolute_Path Parameter | Multiple PHP remote file inclusion vulnerabilities in the SWmenu (com_swmenupro and com_swmenufree) 4.0 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to ImageManager/Classes/ImageManager.php under the (1) components/ or (2) administrator/components/ directory trees. | 10.0 |
2007-03-22 | CVE-2007-1596 | Remote File Include vulnerability in NFN Address Book mosConfig_Absolute_Path | Multiple PHP remote file inclusion vulnerabilities in the NFN Address Book (com_nfn_addressbook) 0.4 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) components/com_nfn_addressbook/nfnaddressbook.php or (2) administrator/components/com_nfn_addressbook/nfnaddressbook.php. | 9.3 |
2005-12-11 | CVE-2005-4156 | Denial-Of-Service vulnerability in Mambo Open Source 4.5 | Unspecified vulnerability in Mambo 4.5 (1.0.0) through 4.5 (1.0.9), with magic_quotes_gpc disabled, allows remote attackers to read arbitrary files and possibly cause a denial of service via a query string that ends with a NULL character. | 9.4 |
2003-12-31 | CVE-2003-1245 | | index2.php in Mambo 4.0.12 allows remote attackers to gain administrator access via a URL request where session_id is set to the MD5 hash of a session cookie. | 10.0 |
2002-12-31 | CVE-2002-2290 | Credentials Management vulnerability in Mambo Site Server 4.0.11 | Mambo Site Server 4.0.11 installs with a default username and password of admin, which allows remote attackers to gain privileges. | 10.0 |
2001-07-25 | CVE-2001-1011 | Unspecified vulnerability in Mambo Site Server | index2.php in Mambo Site Server 3.0.0 through 3.0.5 allows remote attackers to gain Mambo administrator privileges by setting the PHPSESSID parameter and providing the appropriate administrator information in other parameters. | 10.0 |