Filtered by vendor Mambo-foundation
Subscribe
Total
26 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-0380 | 3 Joomla, Mambo-foundation, Sigsiu.net | 3 Joomla, Mambo, Sobi2 | 2024-08-07 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Sigsiu Online Business Index 2 (SOBI2, com_sobi2) RC 2.8.2 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the bid parameter in a showbiz action to index.php, a different vector than CVE-2008-0607. NOTE: CVE disputes this issue, since neither "showbiz" nor "bid" appears in the source code for SOBI2 | |||||
CVE-2011-2499 | 1 Mambo-foundation | 1 Mambo Cms | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
Mambo CMS through 4.6.5 has multiple XSS. | |||||
CVE-2013-2565 | 1 Mambo-foundation | 1 Mambo Cms | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
A vulnerability in Mambo CMS v4.6.5 where the scripts thumbs.php, editorFrame.php, editor.php, images.php, manager.php discloses the root path of the webserver. | |||||
CVE-2013-2564 | 1 Mambo-foundation | 1 Mambo Cms | 2024-02-28 | 5.0 MEDIUM | N/A |
Mambo CMS 4.6.5 allows remote attackers to cause a denial of service (memory and bandwidth consumption) by uploading a crafted file. | |||||
CVE-2013-2562 | 1 Mambo-foundation | 1 Mambo Cms | 2024-02-28 | 2.1 LOW | N/A |
Mambo CMS 4.6.5 stores the MySQL database password in cleartext in the document root, which allows local users to obtain sensitive information via unspecified vectors. | |||||
CVE-2013-2563 | 1 Mambo-foundation | 1 Mambo Cms | 2024-02-28 | 2.1 LOW | N/A |
Mambo CMS 4.6.5 uses world-readable permissions on configuration.php, which allows local users to obtain the admin password hash by reading the file. | |||||
CVE-2006-7247 | 2 Joomla, Mambo-foundation | 3 Com Weblinks, Joomla\!, Mambo | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Weblinks (com_weblinks) component for Joomla! and Mambo 1.0.9 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter. | |||||
CVE-2009-4474 | 2 Mambo-foundation, Mikedeboer | 2 Mambo, Com Zoom | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Mike de Boer zoom (com_zoom) component 2.0 for Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. | |||||
CVE-2010-4944 | 2 Joomla, Mambo-foundation | 3 Com Elite Experts, Joomla\!, Mambo | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Elite Experts (com_elite_experts) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showExpertProfileDetailed action to index.php. | |||||
CVE-2009-4579 | 2 Joomla, Mambo-foundation | 3 Com Artistavenue, Joomla\!, Mambo | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Artist avenue (com_artistavenue) component for Joomla! and Mambo allows remote attackers to inject arbitrary web script or HTML via the Itemid parameter to index.php. | |||||
CVE-2009-4578 | 3 Facileforms, Joomla, Mambo-foundation | 3 Facileforms, Joomla\!, Mambo | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Facileforms (com_facileforms) component for Joomla! and Mambo allows remote attackers to inject arbitrary web script or HTML via the Itemid parameter to index.php. | |||||
CVE-2011-2917 | 1 Mambo-foundation | 1 Mambo | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in administrator/index2.php in Mambo CMS 4.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the zorder parameter. | |||||
CVE-2011-3754 | 1 Mambo-foundation | 1 Mambo | 2024-02-28 | 5.0 MEDIUM | N/A |
Mambo 4.6.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/sef.php and certain other files. | |||||
CVE-2008-7213 | 2 Brilaps, Mambo-foundation | 2 Mostlyce, Mambo | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to inject arbitrary web script or HTML via the Command parameter. | |||||
CVE-2008-4617 | 3 Joomla, Mambo-foundation, Pyxicom | 3 Joomla, Mambo, Actualite | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the actualite module 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2008-1465 | 3 Detodas, Joomla, Mambo-foundation | 3 Com Restaurante, Joomla\!, Mambo | 2024-02-28 | 9.3 HIGH | N/A |
SQL injection vulnerability in the Detodas Restaurante (com_restaurante) 1.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php, a different product than CVE-2008-0562. | |||||
CVE-2009-4199 | 3 Joomla, Mambo-foundation, Mamboforge | 3 Joomla\!, Mambo, Com Mosres | 2024-02-28 | 6.8 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in the Mambo Resident (aka Mos Res or com_mosres) component 1.0f for Mambo and Joomla!, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) property_uid parameter in a viewproperty action to index.php and the (2) regID parameter in a showregion action to index.php. | |||||
CVE-2008-6234 | 2 Joomla, Mambo-foundation | 4 Com Musica, Joomla, Com Musica and 1 more | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the com_musica module in Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. | |||||
CVE-2008-7212 | 2 Brilaps, Mambo-foundation | 2 Mostlyce, Mambo | 2024-02-28 | 5.0 MEDIUM | N/A |
MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to obtain sensitive information via certain requests to mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php, which reveals the installation path in an error message. | |||||
CVE-2008-2498 | 1 Mambo-foundation | 1 Mambo | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in index.php in Mambo before 4.6.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) articleid and (2) mcname parameters. NOTE: some of these details are obtained from third party information. |