Vulnerabilities > Mambo > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-07-02 | CVE-2008-2990 | Code Injection vulnerability in multiple products PHP remote file inclusion vulnerability in facileforms.frame.php in the FacileForms (com_facileforms) component 1.4.4 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the ff_compath parameter. | 7.5 |
| 2008-05-06 | CVE-2008-2095 | SQL Injection vulnerability in multiple products SQL injection vulnerability in index.php in the FlippingBook (com_flippingbook) 1.0.4 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the book_id parameter. | 7.5 |
| 2008-05-06 | CVE-2008-2093 | SQL Injection vulnerability in multiple products SQL injection vulnerability in the Profiler (com_comprofiler) component in Community Builder for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the user parameter in a userProfile action to index.php. | 7.5 |
| 2008-03-28 | CVE-2008-1540 | SQL Injection vulnerability in multiple products SQL injection vulnerability in the Datsogallery (com_datsogallery) 1.3.1 module for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. | 7.5 |
| 2008-03-24 | CVE-2008-1460 | SQL Injection vulnerability in Joomlapixel COM Joovideo 1.0/1.2.2 SQL injection vulnerability in the Joovideo (com_joovideo) 1.0 and 1.2.2 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. | 7.5 |
| 2008-03-24 | CVE-2008-1459 | SQL Injection vulnerability in multiple products SQL injection vulnerability in the Alberghi (com_alberghi) 2.1.3 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. | 7.5 |
| 2008-03-12 | CVE-2008-1297 | SQL Injection vulnerability in multiple products SQL injection vulnerability in index.php in the eWriting (com_ewriting) 1.2.1 module for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a selectcat action. | 7.5 |
| 2008-03-04 | CVE-2008-1137 | SQL Injection vulnerability in multiple products SQL injection vulnerability in the Garys Cookbook (com_garyscookbook) 1.1.1 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. | 7.5 |
| 2008-02-21 | CVE-2008-0855 | SQL Injection vulnerability in multiple products SQL injection vulnerability in the Facile Forms (com_facileforms) component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. | 7.5 |
| 2008-02-21 | CVE-2008-0854 | SQL Injection vulnerability in multiple products SQL injection vulnerability in the com_salesrep component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the rid parameter in a showrep action to index.php. | 7.5 |