Vulnerabilities > Mambo > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | TAGS | RISK |
|---|---|---|---|---|---|---|---|
| 2009-09-28 | CVE-2009-3434 | SQL Injection vulnerability in Onestopjoomla COM Tupinambis 1.0 | SQL injection vulnerability in the Tupinambis (com_tupinambis) component 1.0 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the proyecto parameter in a verproyecto action to index.php. | network | low complexity | onestopjoomla joomla mambo CWE-89 | 7.5 |
| 2009-09-23 | CVE-2009-3333 | Code Injection vulnerability in Alibasta COM Koesubmit 1.0 | PHP remote file inclusion vulnerability in koesubmit.php in the koeSubmit (com_koesubmit) component 1.0 for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | network | low complexity | mambo alibasta CWE-94 | 7.5 |
| 2009-04-07 | CVE-2008-6653 | SQL Injection vulnerability in Wh-Com COM Webhosting | SQL injection vulnerability in webhosting.php in the Webhosting Component (com_webhosting) module before 1.1 RC7 for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. | network | low complexity | joomla mambo wh-com CWE-89 | 7.5 |
| 2009-02-24 | CVE-2009-0726 | SQL Injection vulnerability in Gigcalendar COM Gigcalendar 1.0 | SQL injection vulnerability in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the gigcal_gigs_id parameter in a details action to index.php. | network | low complexity | gigcalendar joomla mambo CWE-89 | 7.5 |
| 2009-02-23 | CVE-2009-0706 | SQL Injection vulnerability in Simple-Review COM Simple Review 1.3.5 | SQL injection vulnerability in the Simple Review (com_simple_review) component 1.3.5 for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the category parameter to index.php. | network | low complexity | simple-review joomla mambo CWE-89 | 7.5 |
| 2008-12-17 | CVE-2008-5643 | SQL Injection vulnerability in Joomla COM Books | SQL injection vulnerability in the Books (com_books) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the book_id parameter in a book_details action to index.php. | network | low complexity | joomla mambo CWE-89 | 7.5 |
| 2008-11-25 | CVE-2008-5226 | SQL Injection vulnerability in multiple products | SQL injection vulnerability in the MambAds (com_mambads) component 1.0 RC1 Beta and 1.0 RC1 for Mambo allows remote attackers to execute arbitrary SQL commands via the ma_cat parameter in a view action to index.php, a different vector than CVE-2007-5177. | network | low complexity | mambads joomla mambo CWE-89 | 7.5 |
| 2008-11-24 | CVE-2008-5208 | SQL Injection vulnerability in Joomla COM Datsogallery 1.6 | SQL injection vulnerability in sub_votepic.php in the Datsogallery (com_datsogallery) module 1.6 for Joomla! allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header. | network | low complexity | joomla mambo CWE-89 | 7.5 |
| 2008-11-21 | CVE-2008-5200 | SQL Injection vulnerability in Joomla COM Xewebtv | SQL injection vulnerability in the Xe webtv (com_xewebtv) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. | network | low complexity | joomla mambo CWE-89 | 7.5 |
| 2008-10-29 | CVE-2008-4777 | SQL Injection vulnerability in Joomla COM LMS | SQL injection vulnerability in the Showroom Joomlearn LMS (com_lms) component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the cat parameter in a showTests task. | network | low complexity | joomla mambo CWE-89 | 7.5 |