Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mambo vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2008-2498
Multiple SQL injection vulnerabilities in index.php in Mambo prior to 4.6.4, when magic_quotes_gpc is disabled, allow remote malicious users to execute arbitrary SQL commands via the (1) articleid and (2) mcname parameters. NOTE: some of these details are obtained from third part...
Mambo-foundation Mambo
4.3
CVSSv2
CVE-2007-6455
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Mambo 4.6.2 allow remote malicious users to inject arbitrary web script or HTML via the (1) Itemid parameter in a com_frontpage option and the (2) option parameter.
Mambo Mambo 4.6.2
1 EDB exploit
7.5
CVSSv2
CVE-2007-4505
SQL injection vulnerability in index.php in the RemoSitory component (com_remository) for Mambo allows remote malicious users to execute arbitrary SQL commands via the cat parameter in a selectcat action.
Mambo Remository
Mamboserver Mambo
1 EDB exploit
6.8
CVSSv2
CVE-2007-2049
Multiple PHP remote file inclusion vulnerabilities in the Calendar Module (com_calendar) 1.5.5 for Mambo allow remote malicious users to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) com_calendar.php or (2) mod_calendar.php.
Mambo Mambo Calendar 1.5.5
1 EDB exploit
5
CVSSv2
CVE-2011-3754
Mambo 4.6.5 allows remote malicious users to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/sef.php and certain other files.
Mambo-foundation Mambo 4.6.5
7.5
CVSSv2
CVE-2006-3843
PHP remote file inclusion vulnerability in com_calendar.php in Calendar Mambo Module 1.5.7 and previous versions allows remote malicious users to execute arbitrary PHP code via a URL in the absolute_path parameter.
Mambo Mambo Calendar 1.5.7
1 EDB exploit
6.8
CVSSv2
CVE-2006-3846
PHP remote file inclusion vulnerability in extadminmenus.class.php in the MultiBanners 1.0.1 for Mambo allows remote malicious users to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
Mambo Mambo Multibanners 1.0.1
1 EDB exploit
6.8
CVSSv2
CVE-2006-3980
PHP remote file inclusion vulnerability in administrator/components/com_mgm/help.mgm.php in Mambo Gallery Manager (MGM) 0.95r2 and previous versions for Mambo 4.5 allows remote malicious users to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
Mambo Mambo Gallery Manager
1 EDB exploit
7.5
CVSSv2
CVE-2006-3981
PHP remote file inclusion vulnerability in about.mgm.php in Mambo Gallery Manager (MGM) 0.95r2 and previous versions for Mambo 4.5 allows remote malicious users to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: the provenance of this informat...
Mambo Mambo Gallery Manager
7.5
CVSSv2
CVE-2007-5177
SQL injection vulnerability in index.php in the MambAds (com_mambads) 1.5 and previous versions component for Mambo allows remote malicious users to execute arbitrary SQL commands via the caid parameter.
Mambo Mambo
Mambads Mambads
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »