Mambo

mambo

Vendor: Mambo • 26 CVEs

CVEs (26)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2006-1794 1Mambo 1Mambo Apr 16, 2026 Apr 17, 2006 N/A· v4 N/A· v3 7.6 HIGH· v2 SQL injection vulnerability in Mambo 4.5.3, 4.5.3h, and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via (1) the $username variable in the mosGetParam function and (2) the $task par...Show more SQL injection vulnerability in Mambo 4.5.3, 4.5.3h, and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via (1) the $username variable in the mosGetParam function and (2) the $task parameter in the mosMenuCheck function in (a) includes/mambo.php; and (3) the $filter variable to the showCategory function in the com_content component (content.php).Show less
CVE-2006-0871 1Mambo 1Mambo Apr 16, 2026 Feb 24, 2006 N/A· v4 N/A· v3 6.4 MEDIUM· v2 Directory traversal vulnerability in the _setTemplate function in Mambo 4.5.3, 4.5.3h, and possibly earlier versions allows remote attackers to read and include arbitrary files via the mos_change_template parameter. NOT...Show more Directory traversal vulnerability in the _setTemplate function in Mambo 4.5.3, 4.5.3h, and possibly earlier versions allows remote attackers to read and include arbitrary files via the mos_change_template parameter. NOTE: CVE-2006-1794 has been assigned to the SQL injection vector.Show less
CVE-2005-3586 1Mambo 1Mambo Apr 16, 2026 Nov 16, 2005 N/A· v4 N/A· v3 5.0 MEDIUM· v2 content.php in Mambo 4.5.2 through 4.5.2.3 allows remote attackers to obtain the installation path of the application via a URL that causes the application to return an error.
CVE-2005-2002 1Mambo 1Mambo Apr 16, 2026 Jun 15, 2005 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in content.php in Mambo 4.5.2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user_rating parameter.
CVE-2005-0512 1Mambo 1Mambo Apr 16, 2026 Feb 21, 2005 N/A· v4 N/A· v3 7.5 HIGH· v2 PHP remote file inclusion vulnerability in Tar.php in Mambo 4.5.2 allows remote attackers to execute arbitrary PHP code by modifying the mosConfig_absolute_path parameter to reference a URL on a remote web server that co...Show more PHP remote file inclusion vulnerability in Tar.php in Mambo 4.5.2 allows remote attackers to execute arbitrary PHP code by modifying the mosConfig_absolute_path parameter to reference a URL on a remote web server that contains the code, a different vulnerability than CVE-2004-1693.Show less
CVE-2004-1693 1Mambo 1Mambo Apr 16, 2026 Sep 18, 2004 N/A· v4 N/A· v3 7.5 HIGH· v2 PHP remote file inclusion vulnerability in Function.php in Mambo 4.5 (1.0.9) allows remote attackers to execute arbitrary PHP code by modifying the mosConfig_absolute_path parameter to reference a URL on a remote web ser...Show more PHP remote file inclusion vulnerability in Function.php in Mambo 4.5 (1.0.9) allows remote attackers to execute arbitrary PHP code by modifying the mosConfig_absolute_path parameter to reference a URL on a remote web server that contains the code.Show less

Previous 12