📦

mambo

Vendor: mambo

Login to add this product to WatchStack
Actively Exploited 0 CISA KEV List
PoC / Exploits 30 Code Available
Total RCEs 4 Remote Access
Total CVEs 40 Total Indexed
Avg. EPSS 2.82% Exploit Prob.
Latest CVE CVE-2009-3434 Sep 28

Security Vulnerability Index

Page 3 / 4
7.5 CVSS
CVE-2008-0510
Exploit Found

SQL injection vulnerability in index.php in the Newsletter (com_newsletter) component for Mambo 4.5 and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter.

EPSS: 0.02%
7.5 CVSS
CVE-2008-0517
Exploit Found

SQL injection vulnerability in index.php in the Darko Selesi EstateAgent (com_estateagent) 0.1 component for Mambo 4.5.x and Joomla! allows remote attackers to execute arbitrary SQL commands via the objid parameter in a contact showObject action.

EPSS: 0.02%
4.3 CVSS
CVE-2007-6455
Exploit Found

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Mambo 4.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Itemid parameter in a com_frontpage option and the (2) option parameter.

EPSS: 2.68%
6.8 CVSS
CVE-2007-5362
RCE Exploit Found

Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia Lite (com_mosmedia) 4.5.1 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) credits.html.php, (2) info.html.php, (3) media.divs.php, (4) media.divs.js.php, (5) purchase.html.php, or (6) support.html.php in includes/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: vector 3 may be the same as CVE-2007-2043.2.

EPSS: 0.47%
7.5 CVSS
CVE-2007-5177
Exploit Found

SQL injection vulnerability in index.php in the MambAds (com_mambads) 1.5 and earlier component for Mambo allows remote attackers to execute arbitrary SQL commands via the caid parameter.

EPSS: 0.70%
7.5 CVSS
CVE-2007-4456
Exploit Found

SQL injection vulnerability in index.php in the SimpleFAQ (com_simplefaq) 2.11 component for Mambo allows remote attackers to execute arbitrary SQL commands via the aid parameter. NOTE: it was later reported that 2.40 is also affected, and that the component can be used in Joomla! in addition to Mambo.

EPSS: 0.76%
4.0 CVSS
CVE-2007-2557

MOStlyDB Admin in Mambo 4.6.1 does not properly check privileges, which allows remote authenticated administrators to have an unknown impact via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

EPSS: 0.24%
4.3 CVSS
CVE-2006-7149

Multiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.x allow remote attackers to inject arbitrary web script or HTML via (1) the query string to (a) index.php, which reflects the string in an error message from mod_login.php; and the (2) mcname parameter to (b) moscomment.php and (c) com_comment.php.

EPSS: 0.55%
6.8 CVSS
CVE-2007-0789

SQL injection vulnerability in Mambo before 4.5.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors in cancel edit functions, possibly related to the id parameter.

EPSS: 0.58%
7.5 CVSS
CVE-2007-0374

SQL injection vulnerability in (1) Joomla! 1.0.11 and 1.5 Beta, and (2) Mambo 4.6.1, allows remote attackers to execute arbitrary SQL commands via the id parameter when cancelling content editing.

EPSS: 0.02%