Vulnerabilities (CVE)

Filtered by vendor Mambo Subscribe
Total 123 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-0603 3 Amazoop, Joomla, Mambo 3 Awesom, Com Awesom, Com Awesom 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in index.php in the amazOOP Awesom! (com_awesom) 0.3.2component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter in a viewlist task.
CVE-2007-0374 2 Joomla, Mambo 2 Joomla, Mambo 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in (1) Joomla! 1.0.11 and 1.5 Beta, and (2) Mambo 4.6.1, allows remote attackers to execute arbitrary SQL commands via the id parameter when cancelling content editing.
CVE-2007-1596 2 Joomla, Mambo 2 Nfn Address Book, Nfn Address Book 2025-04-09 9.3 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in the NFN Address Book (com_nfn_addressbook) 0.4 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) components/com_nfn_addressbook/nfnaddressbook.php or (2) administrator/components/com_nfn_addressbook/nfnaddressbook.php.
CVE-2008-0799 2 Joomla, Mambo 2 Com Quiz, Com Quiz 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in index.php in the Quiz (com_quiz) 0.81 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the tid parameter in a user_tst_shw action.
CVE-2008-0773 3 Joomla, Mambo, Phil Taylor 4 Com Comments, Com Comments, Comments and 1 more 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in Phil Taylor Comments (com_comments, aka Review Script) 0.5.8.5g and earlier component for Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-3333 2 Alibasta, Mambo 2 Com Koesubmit, Mambo 2025-04-09 7.5 HIGH N/A
PHP remote file inclusion vulnerability in koesubmit.php in the koeSubmit (com_koesubmit) component 1.0 for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2008-1297 3 Ewriting, Joomla, Mambo 3 Ewriting, Com Ewriting, Com Ewriting 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in index.php in the eWriting (com_ewriting) 1.2.1 module for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a selectcat action.
CVE-2008-1137 2 Joomla, Mambo 2 Com Garyscookbook, Com Garyscookbook 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in the Garys Cookbook (com_garyscookbook) 1.1.1 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
CVE-2008-6814 2 Jan De Graaff, Mambo 2 Com Simpleboard, Mambo 2025-04-09 6.8 MEDIUM N/A
Unrestricted file upload vulnerability in image_upload.php in the SimpleBoard (com_simpleboard) component 1.0.1 and earlier for Mambo allows remote attackers to execute arbitrary code by uploading a file with an executable extension and an image/jpeg content type, then accessing this file via a direct request to the file in components/com_simpleboard/, a different vulnerability than CVE-2006-3528.
CVE-2008-0772 2 Joomla, Mambo 2 Com Doc, Com Doc 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in index.php in the com_doc component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the sid parameter in a view task.
CVE-2008-0519 2 Joomla, Mambo 2 Com Jokes, Com Jokes 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in index.php in the Atapin Jokes (com_jokes) 1.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a CatView action.
CVE-2007-4203 1 Mambo 1 Mambo Open Source 2025-04-09 9.3 HIGH N/A
Session fixation vulnerability in Mambo 4.6.2 CMS allows remote attackers to hijack web sessions by setting the Cookie parameter.
CVE-2006-7104 1 Mambo 1 Mostlyce 2025-04-09 7.5 HIGH N/A
PHP remote file inclusion vulnerability in htmltemplate.php in the Chad Auld MOStlyContent Editor (MOStlyCE) as created on May 2006, a component for Mambo 4.5.4, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2007-2049 1 Mambo 1 Mambo Calendar 2025-04-09 6.8 MEDIUM N/A
Multiple PHP remote file inclusion vulnerabilities in the Calendar Module (com_calendar) 1.5.5 for Mambo allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) com_calendar.php or (2) mod_calendar.php.
CVE-2006-5044 2 Joomla, Mambo 2 Prince Clan Chess Component, Prince Clan Chess Component 2025-04-09 7.5 HIGH N/A
Unspecified vulnerability in Prince Clan (Princeclan) Chess component (com_pcchess) 0.8 and earlier for Mambo and Joomla! has unspecified impact and attack vectors.
CVE-2009-3434 3 Joomla, Mambo, Onestopjoomla 3 Joomla, Mambo, Com Tupinambis 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in the Tupinambis (com_tupinambis) component 1.0 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the proyecto parameter in a verproyecto action to index.php.
CVE-2008-4777 2 Joomla, Mambo 3 Com Lms, Joomla, Mambo 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in the Showroom Joomlearn LMS (com_lms) component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the cat parameter in a showTests task.
CVE-2008-0515 2 Joomla, Mambo 2 Musepoes Component, Musepoes Component 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in index.php in the musepoes (com_musepoes) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an answer action.
CVE-2008-1849 3 Joomla, Joomlacode, Mambo 3 Joomla, Joomlaexplorer, Mambo 2025-04-09 5.0 MEDIUM N/A
Directory traversal vulnerability in index.php in the joomlaXplorer (com_joomlaxplorer) Mambo/Joomla! component 1.6.2 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the dir parameter in a show_error action.
CVE-2008-5208 2 Joomla, Mambo 3 Com Datsogallery, Joomla, Mambo 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in sub_votepic.php in the Datsogallery (com_datsogallery) module 1.6 for Joomla! allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header.