Vulnerabilities > Mambo > Medium

DATE | CVE | VULNERABILITY TITLE | RISK

2007-04-16 | CVE-2007-2049 | Remote File Include vulnerability in Mambo Calendar 1.5.5 | 6.8
Multiple PHP remote file inclusion vulnerabilities in the Calendar Module (com_calendar) 1.5.5 for Mambo allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) com_calendar.php or (2) mod_calendar.php.
network | mambo

2007-04-12 | CVE-2007-2005 | Code Injection vulnerability in multiple products | 6.8
Multiple PHP remote file inclusion vulnerabilities in the Taskhopper 1.1 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) contact_type.php, (2) itemstatus_type.php, (3) projectstatus_type.php, (4) request_type.php, (5) responses_type.php, (6) timelog_type.php, or (7) urgency_type.php in inc/.
network | joomla mambo | CWE-94

2007-03-27 | CVE-2007-1702 | Remote File Include vulnerability in Mambo FlatMenu Module MosConfig_Absolute_Path | 6.8
PHP remote file inclusion vulnerability in mod_flatmenu.php in the Flatmenu 1.07 and earlier Mambo module allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
network | mambo

2007-03-07 | CVE-2006-7149 | Cross-Site Scripting vulnerability in Mambo 4.6/4.6.1 | 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.x allow remote attackers to inject arbitrary web script or HTML via (1) the query string to (a) index.php, which reflects the string in an error message from mod_login.php; and the (2) mcname parameter to (b) moscomment.php and (c) com_comment.php.
network | mambo

2006-09-06 | CVE-2006-4553 | Code Injection vulnerability in multiple products | 6.8
PHP remote file inclusion vulnerability in plugin.class.php in the com_comprofiler Components 1.0 RC2 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
network | joomla mambo | CWE-94

2006-08-22 | CVE-2006-4288 | Code Injection vulnerability in Mambo A6Mambocredits Component 2.0.0 | 6.8
PHP remote file inclusion vulnerability in admin.a6mambocredits.php in the a6mambocredits component (com_a6mambocredits) 2.0.0 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
network | mambo | CWE-94

2006-08-21 | CVE-2006-4270 | Code Injection vulnerability in Mambo Mambelfish Component | 6.8
PHP remote file inclusion vulnerability in mambelfish.class.php in the mambelfish component (com_mambelfish) 1.1 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
network | mambo | CWE-94

2006-08-05 | CVE-2006-3980 | Code Injection vulnerability in Mambo Gallery Manager | 6.8
PHP remote file inclusion vulnerability in administrator/components/com_mgm/help.mgm.php in Mambo Gallery Manager (MGM) 0.95r2 and earlier for Mambo 4.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
network | mambo | CWE-94

2006-08-01 | CVE-2006-3949 | Code Injection vulnerability in Mambo Artlinks Component | 6.8
PHP remote file inclusion vulnerability in artlinks.dispnew.php in the Artlinks component (com_artlinks) for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
network | mambo | CWE-94

2006-08-01 | CVE-2006-3947 | Code Injection vulnerability in Mambo Mambatstaff | 6.8
PHP remote file inclusion vulnerability in components/com_mambatstaff/mambatstaff.php in the Mambatstaff 3.1b and earlier component for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
network | mambo | CWE-94