Filtered by vendor Mambo
Subscribe
Total
123 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-0607 | 3 Joomla, Mambo, Sigsiu.net | 3 Com Sobi2, Com Sobi2, Sobi2 | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in the Sigsiu Online Business Index 2 (SOBI2, com_sobi2) 2.5.3 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2007-5177 | 2 Mambads, Mambo | 2 Mambads, Mambo | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in the MambAds (com_mambads) 1.5 and earlier component for Mambo allows remote attackers to execute arbitrary SQL commands via the caid parameter. | |||||
CVE-2008-0561 | 3 Arthur Konze Webdesign, Joomla, Mambo | 3 Akogallery, Joomla, Mambo | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in the Arthur Konze AkoGallery (com_akogallery) 2.5 beta component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action. | |||||
CVE-2006-3846 | 1 Mambo | 1 Mambo Multibanners | 2024-02-28 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in extadminmenus.class.php in the MultiBanners 1.0.1 for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
CVE-2006-3843 | 1 Mambo | 1 Mambo Calendar | 2024-02-28 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in com_calendar.php in Calendar Mambo Module 1.5.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter. | |||||
CVE-2006-3736 | 1 Mambo | 1 Videodb | 2024-02-28 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in core/videodb.class.xml.php in the VideoDB component for Mambo 0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
CVE-2006-1956 | 2 Joomla, Mambo | 2 Joomla, Mambo | 2024-02-28 | 5.0 MEDIUM | N/A |
The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows remote attackers to obtain sensitive information via an invalid feed parameter, which reveals the path in an error message. | |||||
CVE-2006-1794 | 1 Mambo | 1 Mambo | 2024-02-28 | 7.6 HIGH | N/A |
SQL injection vulnerability in Mambo 4.5.3, 4.5.3h, and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via (1) the $username variable in the mosGetParam function and (2) the $task parameter in the mosMenuCheck function in (a) includes/mambo.php; and (3) the $filter variable to the showCategory function in the com_content component (content.php). | |||||
CVE-2005-4156 | 1 Mambo | 1 Mambo Open Source 4.5 | 2024-02-28 | 9.4 HIGH | N/A |
Unspecified vulnerability in Mambo 4.5 (1.0.0) through 4.5 (1.0.9), with magic_quotes_gpc disabled, allows remote attackers to read arbitrary files and possibly cause a denial of service via a query string that ends with a NULL character. | |||||
CVE-2006-4275 | 1 Mambo | 1 Catalogshop Component | 2024-02-28 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in catalogshop.php in the CatalogShop component for Mambo (com_catalogshop) allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
CVE-2005-0512 | 1 Mambo | 1 Mambo | 2024-02-28 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in Tar.php in Mambo 4.5.2 allows remote attackers to execute arbitrary PHP code by modifying the mosConfig_absolute_path parameter to reference a URL on a remote web server that contains the code, a different vulnerability than CVE-2004-1693. | |||||
CVE-2006-3981 | 1 Mambo | 1 Mambo Gallery Manager | 2024-02-28 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in about.mgm.php in Mambo Gallery Manager (MGM) 0.95r2 and earlier for Mambo 4.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
CVE-2006-3262 | 1 Mambo | 1 Mambo | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Weblinks module (weblinks.php) in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter. | |||||
CVE-2006-0871 | 1 Mambo | 1 Mambo | 2024-02-28 | 6.4 MEDIUM | N/A |
Directory traversal vulnerability in the _setTemplate function in Mambo 4.5.3, 4.5.3h, and possibly earlier versions allows remote attackers to read and include arbitrary files via the mos_change_template parameter. NOTE: CVE-2006-1794 has been assigned to the SQL injection vector. | |||||
CVE-2005-3738 | 1 Mambo | 1 Mambo Site Server | 2024-02-28 | 2.6 LOW | N/A |
globals.php in Mambo Site Server 4.0.14 and earlier, when register_globals is disabled, allows remote attackers to overwrite variables in the GLOBALS array and conduct various attacks, as demonstrated using the mosConfig_absolute_path parameter to content.html.php for remote PHP file inclusion. | |||||
CVE-2006-4288 | 1 Mambo | 1 A6mambocredits Component | 2024-02-28 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in admin.a6mambocredits.php in the a6mambocredits component (com_a6mambocredits) 2.0.0 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter. NOTE: some of these details are obtained from third party information. | |||||
CVE-2006-3949 | 1 Mambo | 1 Artlinks Component | 2024-02-28 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in artlinks.dispnew.php in the Artlinks component (com_artlinks) for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
CVE-2006-3773 | 1 Mambo | 1 Smf-forum | 2024-02-28 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in smf.php in the SMF-Forum 1.3.1.3 Bridge Component (com_smf) For Joomla! and Mambo 4.5.3+ allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
CVE-2006-4296 | 1 Mambo | 1 Bigape-backup Component | 2024-02-28 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in classes/Tar.php in bigAPE-Backup component (com_babackup) for Mambo 1.1 allows remote attackers to include arbitrary files via the mosConfig_absolute_path parameter. | |||||
CVE-2006-4553 | 2 Joomla, Mambo | 2 Com Comprofiler Component, Com Comprofiler Component | 2024-02-28 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in plugin.class.php in the com_comprofiler Components 1.0 RC2 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. |