MamboCVEs & Vulnerabilities

123 CVEs affecting Mambo products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

mambo 116mambo site server 24mambo open source 4.5 11mambo open source 9videodb 3mambo gallery manager 2mambo calendar 2com neoreferences 2
CVE-2006-3773MEDIUMpoc

PHP remote file inclusion vulnerability in smf.php in the SMF-Forum 1.3.1.3 Bridge Component (com_smf) For Joomla! and Mambo 4.5.3+ allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

24 Jul 2006
6.8
CVSS
CVE-2006-3736HIGHpoc

PHP remote file inclusion vulnerability in core/videodb.class.xml.php in the VideoDB component for Mambo 0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

21 Jul 2006
7.5
CVSS
CVE-2006-3749MEDIUMpoc

PHP remote file inclusion vulnerability in sitemap.xml.php in Sitemap component (com_sitemap) 2.0.0 for Mambo 4.5.1 CMS, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

21 Jul 2006
6.8
CVSS
CVE-2006-3263HIGH

SQL injection vulnerability in the Weblinks module (weblinks.php) in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter.

28 Jun 2006
7.5
CVSS
CVE-2006-3262HIGHpoc

SQL injection vulnerability in the Weblinks module (weblinks.php) in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter.

28 Jun 2006
7.5
CVSS
CVE-2006-1956MEDIUM

The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows remote attackers to obtain sensitive information via an invalid feed parameter, which reveals the path in an error message.

21 Apr 2006
5.0
CVSS
CVE-2006-1794HIGHpoc

SQL injection vulnerability in Mambo 4.5.3, 4.5.3h, and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via (1) the $username variable in the mosGetParam function and (2) the $task parameter in the mosMenuCheck function in (a) includes/mambo.php; and (3) the $filter variable to the showCategory function in the com_content component (content.php).

17 Apr 2006
7.6
CVSS
CVE-2006-0871MEDIUMpoc

Directory traversal vulnerability in the _setTemplate function in Mambo 4.5.3, 4.5.3h, and possibly earlier versions allows remote attackers to read and include arbitrary files via the mos_change_template parameter. NOTE: CVE-2006-1794 has been assigned to the SQL injection vector.

24 Feb 2006
6.4
CVSS
CVE-2005-4156CRITICAL

Unspecified vulnerability in Mambo 4.5 (1.0.0) through 4.5 (1.0.9), with magic_quotes_gpc disabled, allows remote attackers to read arbitrary files and possibly cause a denial of service via a query string that ends with a NULL character.

11 Dec 2005
9.4
CVSS
CVE-2005-3738LOWpoc

globals.php in Mambo Site Server 4.0.14 and earlier, when register_globals is disabled, allows remote attackers to overwrite variables in the GLOBALS array and conduct various attacks, as demonstrated using the mosConfig_absolute_path parameter to content.html.php for remote PHP file inclusion.

22 Nov 2005
2.6
CVSS
CVE-2005-3586MEDIUM

content.php in Mambo 4.5.2 through 4.5.2.3 allows remote attackers to obtain the installation path of the application via a URL that causes the application to return an error.

16 Nov 2005
5.0
CVSS
CVE-2005-2002HIGHpoc

SQL injection vulnerability in content.php in Mambo 4.5.2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user_rating parameter.

15 Jun 2005
7.5
CVSS
CVE-2005-0512HIGH

PHP remote file inclusion vulnerability in Tar.php in Mambo 4.5.2 allows remote attackers to execute arbitrary PHP code by modifying the mosConfig_absolute_path parameter to reference a URL on a remote web server that contains the code, a different vulnerability than CVE-2004-1693.

21 Feb 2005
7.5
CVSS
CVE-2004-2072MEDIUMpoc

Cross-site scripting (XSS) vulnerability in index.php for Mambo Open Source 4.6, and possibly earlier versions, allows remote attackers to execute script on other clients via the Itemid parameter.

31 Dec 2004
6.8
CVSS
CVE-2004-2143HIGHpoc

SQL injection vulnerability in the ReMOSitory Server add-on module to Mambo Portal 4.5.1 (1.09) and earlier allows remote attackers to execute arbitrary SQL commands via the filecatid parameter in the com_remository option.

31 Dec 2004
7.5
CVSS
CVE-2004-1693HIGHpoc

PHP remote file inclusion vulnerability in Function.php in Mambo 4.5 (1.0.9) allows remote attackers to execute arbitrary PHP code by modifying the mosConfig_absolute_path parameter to reference a URL on a remote web server that contains the code.

18 Sep 2004
7.5
CVSS
CVE-2004-1692MEDIUMpoc

Cross-site scripting (XSS) vulnerability in index.php in Mambo 4.5 (1.0.9) allows remote attackers to inject arbitrary web script or HTML via the (1) Itemid, (2) mosmsg, or (3) limit parameters.

18 Sep 2004
4.3
CVSS
CVE-2004-1825MEDIUMpoc

Cross-site scripting (XSS) vulnerability in index.php in Mambo Open Source 4.5 stable 1.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) return or (2) mos_change_template parameters.

16 Mar 2004
4.3
CVSS
CVE-2004-1826HIGHpoc

SQL injection vulnerability in index.php in Mambo Open Source 4.5 stable 1.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

16 Mar 2004
7.5
CVSS
CVE-2003-1204MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site Server 4.0.12 BETA and earlier allow remote attackers to execute script on other clients via (1) the link parameter in sectionswindow.php, the directory parameter in (2) gallery.php, (3) navigation.php, or (4) uploadimage.php, the path parameter in (5) view.php, (6) the choice parameter in upload.php, (7) the sitename parameter in mambosimple.php, (8) the type parameter in upload.php, or the id parameter in (9) emailarticle.php, (10) emailfaq.php, or (11) emailnews.php.

31 Dec 2003
6.8
CVSS
CVE-2003-1245CRITICALpoc

index2.php in Mambo 4.0.12 allows remote attackers to gain administrator access via a URL request where session_id is set to the MD5 hash of a session cookie.

31 Dec 2003
10.0
CVSS
CVE-2003-1203MEDIUMpoc

Cross-site scripting (XSS) vulnerability in index.php for Mambo Site Server 4.0.10 allows remote attackers to execute script on other clients via the ?option parameter.

18 Mar 2003
4.3
CVSS
CVE-2002-1662MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site Server 4.0.11 allow remote attackers to execute arbitrary script on other clients via (1) search.php and (2) the "Your name" field during account registration.

31 Dec 2002
6.8
CVSS
CVE-2002-2290CRITICAL

Mambo Site Server 4.0.11 installs with a default username and password of admin, which allows remote attackers to gain privileges.

31 Dec 2002
10.0
CVSS
CVE-2002-2247MEDIUMpoc

The administrator/phpinfo.php script in Mambo Site Server 4.0.11 allows remote attackers to obtain sensitive information such as the full web root path via phpinfo.php, which calls the phpinfo function.

31 Dec 2002
5.0
CVSS
CVE-2002-2288MEDIUMpoc

Mambo Site Server 4.0.11 allows remote attackers to obtain the physical path of the server via an HTTP request to index.php with a parameter that does not exist, which causes the path to be leaked in an error message.

31 Dec 2002
5.0
CVSS
CVE-2001-1011CRITICAL

index2.php in Mambo Site Server 3.0.0 through 3.0.5 allows remote attackers to gain Mambo administrator privileges by setting the PHPSESSID parameter and providing the appropriate administrator information in other parameters.

25 Jul 2001
10.0
CVSS
← PrevPage 3 / 3Next →