MamboxchangeCVEs & Vulnerabilities

15 CVEs affecting Mamboxchange products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

laithai 4a6mambohelpdesk 2mambowiki 2peoplebook 2loudmouth 1mambo email publisher 1serverstat component 1mosreporter 1
CVE-2008-0499HIGH

SQL injection vulnerability in Mambo LaiThai 4.5.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

31 Jan 2008
7.5
CVSS
CVE-2008-0500CRITICAL

Multiple unspecified vulnerabilities in Mambo LaiThai 4.5.5 have unknown impact and attack vectors related to (1) mod_login and (2) mod_template_chooser.

31 Jan 2008
10.0
CVSS
CVE-2007-1992HIGHpoc

Multiple PHP remote file inclusion vulnerabilities in the com_zoom 2.5 beta 2 and earlier module for Mambo allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) EXIF_Makernote.php or (2) EXIF.php in classes/iptc/.

12 Apr 2007
7.5
CVSS
CVE-2006-7092HIGH

SQL injection vulnerability in includes/mambo.php in Mambo LaiThai 4.5.4 SP2 and earlier allows remote attackers to execute arbitrary SQL commands via the usercookie[password] cookie parameter.

3 Mar 2007
7.5
CVSS
CVE-2006-7093MEDIUM

Cross-site scripting (XSS) vulnerability in Mambo LaiThai 4.5.4 Security Patch 2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

3 Mar 2007
5.8
CVSS
CVE-2006-6051HIGHpoc

PHP remote file inclusion vulnerability in reporter.logic.php in the MosReporter (com_reporter) component for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

22 Nov 2006
7.5
CVSS
CVE-2006-5254HIGHpoc

PHP remote file inclusion vulnerability in registration_detailed.inc.php in Mark Van Bellen Detailed User Registration (com_registration_detailed), aka regdetailed, 4.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

13 Oct 2006
7.5
CVSS
CVE-2006-4858MEDIUMpoc

PHP remote file inclusion vulnerability in install.serverstat.php in the Serverstat (com_serverstat) 0.4.4 and earlier component for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

19 Sep 2006
6.8
CVSS
CVE-2006-4282HIGHpoc

PHP remote file inclusion vulnerability in MamboLogin.php in the MamboWiki component (com_mambowiki) 0.9.6 and earlier for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter.

22 Aug 2006
7.5
CVSS
CVE-2006-4241HIGHpoc

PHP remote file inclusion vulnerability in processor/reporter.sql.php in the Reporter Mambo component (com_reporter) allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

21 Aug 2006
7.5
CVSS
CVE-2006-4203HIGHpoc

PHP remote file inclusion vulnerability in help.mmp.php in the MMP Component (com_mmp) 1.2 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

18 Aug 2006
7.5
CVSS
CVE-2006-4195MEDIUMpoc

PHP remote file inclusion vulnerability in param.peoplebook.php in the Peoplebook Component for Mambo (com_peoplebook) 1.0 and earlier, and possibly 1.1.2, when register_globals and allow_url_fopen are enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

18 Aug 2006
6.8
CVSS
CVE-2006-3930HIGHpoc

PHP remote file inclusion vulnerability in admin.a6mambohelpdesk.php in a6mambohelpdesk Mambo Component 18RC1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.

1 Aug 2006
7.5
CVSS
CVE-2006-3748MEDIUMpoc

PHP remote file inclusion vulnerability in includes/abbc/abbc.class.php in the LoudMouth Component for Mambo 4.0j, and possibly other versions including 4.1, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

21 Jul 2006
6.8
CVSS
CVE-2006-3528MEDIUMpoc

Multiple PHP remote file inclusion vulnerabilities in Simpleboard Mambo module 1.1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the sbp parameter to (1) image_upload.php and (2) file_upload.php.

12 Jul 2006
6.8
CVSS
← PrevPage 1 / 1Next →