Vulnerabilities > Mambo > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2007-08-21 | CVE-2007-4456 | SQL Injection vulnerability in multiple products | SQL injection vulnerability in index.php in the SimpleFAQ (com_simplefaq) 2.11 component for Mambo allows remote attackers to execute arbitrary SQL commands via the aid parameter. | 7.5 |
2007-05-09 | CVE-2006-7202 | Unspecified vulnerability in Mambo Open Source 4.6.1 | The dofreePDF function in includes/pdf.php in Mambo 4.6.1 does not properly check access rights for database content, which allows remote attackers to read certain content via unspecified vectors. | 7.8 |
2007-03-07 | CVE-2006-7150 | SQL-Injection vulnerability in Mambo Open Source 4.6/4.6.1 | Multiple SQL injection vulnerabilities in Mambo 4.6.x allow remote attackers to execute arbitrary SQL commands via the mcname parameter to (1) moscomment.php and (2) com_comment.php. | 7.5 |
2007-03-03 | CVE-2006-7104 | Code Injection vulnerability in Mambo Mostlyce 4.5.4 | PHP remote file inclusion vulnerability in htmltemplate.php in the Chad Auld MOStlyContent Editor (MOStlyCE) as created on May 2006, a component for Mambo 4.5.4, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 7.5 |
2007-01-19 | CVE-2007-0374 | SQL Injection vulnerability in Mambo/Joomla CMS ID | SQL injection vulnerability in (1) Joomla! 1.0.11 and 1.5 Beta, and (2) Mambo 4.6.1, allows remote attackers to execute arbitrary SQL commands via the id parameter when cancelling content editing. | 7.5 |
2006-12-18 | CVE-2006-6634 | Remote File Include vulnerability in ExtCalThai Mambo Component | Multiple PHP remote file inclusion vulnerabilities in the ExtCalThai (com_extcalendar) 0.9.1 and earlier component for Mambo allow remote attackers to execute arbitrary PHP code via a URL in (1) the CONFIG_EXT[LANGUAGES_DIR] parameter to admin_events.php, (2) the mosConfig_absolute_path parameter to extcalendar.php, or (3) the CONFIG_EXT[LIB_DIR] parameter to lib/mail.inc.php. | 7.5 |
2006-08-23 | CVE-2006-4296 | Remote File Include vulnerability in Mambo BigAPE-Backup Component | PHP remote file inclusion vulnerability in classes/Tar.php in bigAPE-Backup component (com_babackup) for Mambo 1.1 allows remote attackers to include arbitrary files via the mosConfig_absolute_path parameter. | 7.5 |
2006-08-21 | CVE-2006-4275 | Remote File Include vulnerability in Mambo Catalogshop Component 1.0Beta2 | PHP remote file inclusion vulnerability in catalogshop.php in the CatalogShop component for Mambo (com_catalogshop) allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 7.5 |
2006-08-18 | CVE-2006-4229 | Remote Security vulnerability in Moslistmessenger Component | PHP remote file inclusion vulnerability in archive.php in the mosListMessenger Component (com_lm) before 20060719 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 7.5 |
2006-08-05 | CVE-2006-3981 | Remote File Inclusion vulnerability in Mambo Gallery Manager | PHP remote file inclusion vulnerability in about.mgm.php in Mambo Gallery Manager (MGM) 0.95r2 and earlier for Mambo 4.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 7.5 |