📦

mambo

Vendor: mambo

Login to add this product to WatchStack
Actively Exploited 0 CISA KEV List
PoC / Exploits 30 Code Available
Total RCEs 4 Remote Access
Total CVEs 40 Total Indexed
Avg. EPSS 2.82% Exploit Prob.
Latest CVE CVE-2009-3434 Sep 28

Security Vulnerability Index

Page 1 / 4
7.5 CVSS
CVE-2009-3434
Exploit Found

SQL injection vulnerability in the Tupinambis (com_tupinambis) component 1.0 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the proyecto parameter in a verproyecto action to index.php.

EPSS: 0.20%
7.5 CVSS
CVE-2009-3333
RCE Exploit Found

PHP remote file inclusion vulnerability in koesubmit.php in the koeSubmit (com_koesubmit) component 1.0 for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

EPSS: 0.86%
6.8 CVSS
CVE-2008-6814
RCE Exploit Found

Unrestricted file upload vulnerability in image_upload.php in the SimpleBoard (com_simpleboard) component 1.0.1 and earlier for Mambo allows remote attackers to execute arbitrary code by uploading a file with an executable extension and an image/jpeg content type, then accessing this file via a direct request to the file in components/com_simpleboard/, a different vulnerability than CVE-2006-3528.

EPSS: 2.36%
7.5 CVSS
CVE-2008-6653
Exploit Found

SQL injection vulnerability in webhosting.php in the Webhosting Component (com_webhosting) module before 1.1 RC7 for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.

EPSS: 0.40%
6.8 CVSS
CVE-2009-0730
Exploit Found

Multiple SQL injection vulnerabilities in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla!, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the gigcal _venues_id parameter in a details action to index.php, which is not properly handled by venuedetails.php, and (2) the gigcal_bands_id parameter in a details action to index.php, which is not properly handled by banddetails.php, different vectors than CVE-2009-0726.

EPSS: 0.82%
7.5 CVSS
CVE-2009-0726
Exploit Found

SQL injection vulnerability in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the gigcal_gigs_id parameter in a details action to index.php.

EPSS: 0.28%
7.5 CVSS
CVE-2009-0706

SQL injection vulnerability in the Simple Review (com_simple_review) component 1.3.5 for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the category parameter to index.php.

EPSS: 0.36%
7.5 CVSS
CVE-2008-5643
Exploit Found

SQL injection vulnerability in the Books (com_books) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the book_id parameter in a book_details action to index.php.

EPSS: 0.02%
7.5 CVSS
CVE-2008-5226
Exploit Found

SQL injection vulnerability in the MambAds (com_mambads) component 1.0 RC1 Beta and 1.0 RC1 for Mambo allows remote attackers to execute arbitrary SQL commands via the ma_cat parameter in a view action to index.php, a different vector than CVE-2007-5177.

EPSS: 0.48%
7.5 CVSS
CVE-2008-5208
Exploit Found

SQL injection vulnerability in sub_votepic.php in the Datsogallery (com_datsogallery) module 1.6 for Joomla! allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header.

EPSS: 0.03%