📦

mambo

Vendor: mambo-foundation

Login to add this product to WatchStack
Actively Exploited 0 CISA KEV List
PoC / Exploits 45 Code Available
Total RCEs 5 Remote Access
Total CVEs 25 Total Indexed
Avg. EPSS 1.99% Exploit Prob.
Latest CVE CVE-2006-7247 Sep 06

Security Vulnerability Index

Page 3 / 3
7.5 CVSS
CVE-2008-6234
Exploit Found

SQL injection vulnerability in the com_musica module in Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.

EPSS: 0.03%
7.5 CVSS
CVE-2009-0380
Exploit Found

SQL injection vulnerability in the Sigsiu Online Business Index 2 (SOBI2, com_sobi2) RC 2.8.2 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the bid parameter in a showbiz action to index.php, a different vector than CVE-2008-0607. NOTE: CVE disputes this issue, since neither "showbiz" nor "bid" appears in the source code for SOBI2

EPSS: 0.49%
7.5 CVSS
CVE-2008-5643
Exploit Found

SQL injection vulnerability in the Books (com_books) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the book_id parameter in a book_details action to index.php.

EPSS: 0.02%
7.5 CVSS
CVE-2008-5226
Exploit Found

SQL injection vulnerability in the MambAds (com_mambads) component 1.0 RC1 Beta and 1.0 RC1 for Mambo allows remote attackers to execute arbitrary SQL commands via the ma_cat parameter in a view action to index.php, a different vector than CVE-2007-5177.

EPSS: 0.48%
7.5 CVSS
CVE-2008-5208
Exploit Found

SQL injection vulnerability in sub_votepic.php in the Datsogallery (com_datsogallery) module 1.6 for Joomla! allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header.

EPSS: 0.03%
7.5 CVSS
CVE-2008-5200
Exploit Found

SQL injection vulnerability in the Xe webtv (com_xewebtv) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.

EPSS: 0.02%
7.5 CVSS
CVE-2008-4777
Exploit Found

SQL injection vulnerability in the Showroom Joomlearn LMS (com_lms) component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the cat parameter in a showTests task.

EPSS: 0.00%
7.5 CVSS
CVE-2008-4617
Exploit Found

SQL injection vulnerability in the actualite module 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter.

EPSS: 0.41%
2.6 CVSS
CVE-2008-3712
Exploit Found

Multiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.2 and 4.6.5, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) query string to mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php and the (2) mosConfig_sitename parameter to administrator/popups/index3pop.php.

EPSS: 4.19%
6.8 CVSS
CVE-2008-2905
RCE Exploit Found

PHP remote file inclusion vulnerability in includes/Cache/Lite/Output.php in the Cache_Lite package in Mambo 4.6.4 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

EPSS: 72.17%