Vulnerabilities > Mambo > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-08-01 | CVE-2006-3962 | Remote File Include vulnerability in Mambo Bayesiannaivefilter 1.1 PHP remote file inclusion vulnerability in administrator/components/com_bayesiannaivefilter/lang.php in the bayesiannaivefilter component (com_bayesiannaivefilter) 1.1 for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 7.5 |
| 2006-07-25 | CVE-2006-3843 | Remote File Include vulnerability in Mambo Calendar 1.5.7 PHP remote file inclusion vulnerability in com_calendar.php in Calendar Mambo Module 1.5.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter. | 7.5 |
| 2006-07-21 | CVE-2006-3736 | Remote File Include vulnerability in Mambo Videodb 0.1/0.2/0.3 PHP remote file inclusion vulnerability in core/videodb.class.xml.php in the VideoDB component for Mambo 0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 7.5 |
| 2006-06-27 | CVE-2006-3263 | SQL-Injection vulnerability in Mambo SQL injection vulnerability in the Weblinks module (weblinks.php) in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter. | 7.5 |
| 2006-06-27 | CVE-2006-3262 | SQL Injection vulnerability in Mambo Weblinks SQL injection vulnerability in the Weblinks module (weblinks.php) in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter. | 7.5 |
| 2006-04-17 | CVE-2006-1794 | SQL Injection vulnerability in Mambo Open Source SQL injection vulnerability in Mambo 4.5.3, 4.5.3h, and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via (1) the $username variable in the mosGetParam function and (2) the $task parameter in the mosMenuCheck function in (a) includes/mambo.php; and (3) the $filter variable to the showCategory function in the com_content component (content.php). | 7.6 |
| 2005-06-15 | CVE-2005-2002 | SQL Injection vulnerability in Mambo Open Source Com_Contents SQL injection vulnerability in content.php in Mambo 4.5.2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user_rating parameter. | 7.5 |
| 2005-02-21 | CVE-2005-0512 | Remote Security vulnerability in Mambo PHP remote file inclusion vulnerability in Tar.php in Mambo 4.5.2 allows remote attackers to execute arbitrary PHP code by modifying the mosConfig_absolute_path parameter to reference a URL on a remote web server that contains the code, a different vulnerability than CVE-2004-1693. | 7.5 |
| 2004-12-31 | CVE-2004-2143 | SQL Injection vulnerability in ReMOSitory SQL injection vulnerability in the ReMOSitory Server add-on module to Mambo Portal 4.5.1 (1.09) and earlier allows remote attackers to execute arbitrary SQL commands via the filecatid parameter in the com_remository option. | 7.5 |
| 2004-09-18 | CVE-2004-1693 | Input Validation vulnerability in Mambo 4.51.0.9 PHP remote file inclusion vulnerability in Function.php in Mambo 4.5 (1.0.9) allows remote attackers to execute arbitrary PHP code by modifying the mosConfig_absolute_path parameter to reference a URL on a remote web server that contains the code. | 7.5 |