mambo

Vendor: mambo-foundation

Actively Exploited (CISA KEV List): 0
PoC / Exploits (Code Available): 45
Total RCEs (Remote Access): 5
Total CVEs (Total Indexed): 25
Avg. EPSS (Exploit Prob.): 1.99%
Latest CVE: CVE-2006-7247 (Sep 06)

Security Vulnerability Index

7.5 CVSS
CVE-2006-7247
Exploit Found

SQL injection vulnerability in the Weblinks (com_weblinks) component for Joomla! and Mambo 1.0.9 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter.

EPSS: 0.01%

7.5 CVSS
CVE-2011-2917
Exploit Found

SQL injection vulnerability in administrator/index2.php in Mambo CMS 4.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the zorder parameter.

EPSS: 1.07%

7.5 CVSS
CVE-2010-4944
Exploit Found

SQL injection vulnerability in the Elite Experts (com_elite_experts) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showExpertProfileDetailed action to index.php.

EPSS: 0.00%

5.0 CVSS

Mambo 4.6.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/sef.php and certain other files.

EPSS: 0.28%

4.3 CVSS

Cross-site scripting (XSS) vulnerability in the Artist avenue (com_artistavenue) component for Joomla! and Mambo allows remote attackers to inject arbitrary web script or HTML via the Itemid parameter to index.php.

EPSS: 0.01%

4.3 CVSS
CVE-2009-4578
Exploit Found

Cross-site scripting (XSS) vulnerability in the Facileforms (com_facileforms) component for Joomla! and Mambo allows remote attackers to inject arbitrary web script or HTML via the Itemid parameter to index.php.

EPSS: 1.51%

7.5 CVSS
CVE-2009-4474
Exploit Found

SQL injection vulnerability in the Mike de Boer zoom (com_zoom) component 2.0 for Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.

EPSS: 0.25%

6.8 CVSS
CVE-2009-4199
Exploit Found

Multiple SQL injection vulnerabilities in the Mambo Resident (aka Mos Res or com_mosres) component 1.0f for Mambo and Joomla!, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) property_uid parameter in a viewproperty action to index.php and the (2) regID parameter in a showregion action to index.php.

EPSS: 0.26%

7.5 CVSS
CVE-2009-3434
Exploit Found

SQL injection vulnerability in the Tupinambis (com_tupinambis) component 1.0 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the proyecto parameter in a verproyecto action to index.php.

EPSS: 0.20%

7.5 CVSS
CVE-2009-3333
RCE Exploit Found

PHP remote file inclusion vulnerability in koesubmit.php in the koeSubmit (com_koesubmit) component 1.0 for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

EPSS: 0.86%