Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Mambo-foundation Subscribe
Total 26 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-2498 1 Mambo-foundation 1 Mambo 2025-04-09 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in index.php in Mambo before 4.6.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) articleid and (2) mcname parameters. NOTE: some of these details are obtained from third party information.
CVE-2009-4199 3 Joomla, Mambo-foundation, Mamboforge 3 Joomla\!, Mambo, Com Mosres 2025-04-09 6.8 MEDIUM N/A
Multiple SQL injection vulnerabilities in the Mambo Resident (aka Mos Res or com_mosres) component 1.0f for Mambo and Joomla!, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) property_uid parameter in a viewproperty action to index.php and the (2) regID parameter in a showregion action to index.php.
CVE-2008-7213 2 Brilaps, Mambo-foundation 2 Mostlyce, Mambo 2025-04-09 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to inject arbitrary web script or HTML via the Command parameter.
CVE-2006-1957 2 Joomla, Mambo-foundation 2 Joomla\!, Mambo 2025-04-03 5.0 MEDIUM N/A
The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows remote attackers to cause a denial of service (disk consumption and possibly web-server outage) via multiple requests with different values of the feed parameter.
CVE-2013-2565 1 Mambo-foundation 1 Mambo Cms 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
A vulnerability in Mambo CMS v4.6.5 where the scripts thumbs.php, editorFrame.php, editor.php, images.php, manager.php discloses the root path of the webserver.
CVE-2011-2499 1 Mambo-foundation 1 Mambo Cms 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Mambo CMS through 4.6.5 has multiple XSS.