mambo

Vendor: mambo

Actively Exploited (CISA KEV List): 0
PoC / Exploits (Code Available): 30
Total RCEs (Remote Access): 4
Total CVEs (Total Indexed): 40
Avg. EPSS (Exploit Prob.): 2.82%
Latest CVE: CVE-2009-3434 (Sep 28)

Security Vulnerability Index

Page 2 / 4

7.5 CVSS
CVE-2008-5200
Exploit Found

SQL injection vulnerability in the Xe webtv (com_xewebtv) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.

EPSS: 0.02%

7.5 CVSS
CVE-2008-4777
Exploit Found

SQL injection vulnerability in the Showroom Joomlearn LMS (com_lms) component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the cat parameter in a showTests task.

EPSS: 0.00%

2.6 CVSS
CVE-2008-3712
Exploit Found

Multiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.2 and 4.6.5, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) query string to mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php and the (2) mosConfig_sitename parameter to administrator/popups/index3pop.php.

EPSS: 4.19%

6.8 CVSS
CVE-2008-2905
RCE Exploit Found

PHP remote file inclusion vulnerability in includes/Cache/Lite/Output.php in the Cache_Lite package in Mambo 4.6.4 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

EPSS: 72.17%

5.0 CVSS
CVE-2008-1849
Exploit Found

Directory traversal vulnerability in index.php in the joomlaXplorer (com_joomlaxplorer) Mambo/Joomla! component 1.6.2 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the dir parameter in a show_error action.

EPSS: 3.82%

7.5 CVSS
CVE-2008-1460
Exploit Found

SQL injection vulnerability in the Joovideo (com_joovideo) 1.0 and 1.2.2 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.

EPSS: 0.34%

7.5 CVSS
CVE-2008-1459
Exploit Found

SQL injection vulnerability in the Alberghi (com_alberghi) 2.1.3 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.

EPSS: 0.54%

7.5 CVSS
CVE-2008-0829
Exploit Found

SQL injection vulnerability in jooget.php in the Joomlapixel Jooget! (com_jooget) 2.6.8 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail task.

EPSS: 0.02%

7.5 CVSS
CVE-2008-0795
Exploit Found

SQL injection vulnerability in index.php in the MGFi XfaQ (com_xfaq) 1.2 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an answer action.

EPSS: 0.02%

7.5 CVSS
CVE-2008-0561
Exploit Found

SQL injection vulnerability in index.php in the Arthur Konze AkoGallery (com_akogallery) 2.5 beta component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.

EPSS: 0.01%