Mambo Foundation
mambo-foundation
15 CVEs • 3 products
Products (3)
Click to collapseToggle
Products (3)
Click to collapse
CVEs (15)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
Mambo CMS through 4.6.5 has multiple XSS. |
A vulnerability in Mambo CMS v4.6.5 where the scripts thumbs.php, editorFrame.php, editor.php, images.php, manager.php discloses the root path of the webserver. |
Mambo CMS 4.6.5 allows remote attackers to cause a denial of service (memory and bandwidth consumption) by uploading a crafted file. |
Mambo CMS 4.6.5 uses world-readable permissions on configuration.php, which allows local users to obtain the admin password hash by reading the file. |
Mambo CMS 4.6.5 stores the MySQL database password in cleartext in the document root, which allows local users to obtain sensitive information via unspecified vectors. |
SQL injection vulnerability in administrator/index2.php in Mambo CMS 4.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the zorder parameter. |
Mambo 4.6.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/sef.php and certain other file...Show more |
2Brilaps Mambo Foundation2Mambo MostlyceApr 23, 2026 Sep 11, 2009 N/A· v4 N/A· v3 5.8 MEDIUM· v2 The Image Manager in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to rename arbitrary files and cause a denial of service via modified file[NewFile][name], file[NewFile][tmp_name], and...Show more |
2Brilaps Mambo Foundation2Mambo MostlyceApr 23, 2026 Sep 11, 2009 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in administrator/index2.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to hijack the authentication of administrators for requests...Show more |
2Brilaps Mambo Foundation2Mambo MostlyceApr 23, 2026 Sep 11, 2009 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to injec...Show more |
2Brilaps Mambo Foundation2Mambo MostlyceApr 23, 2026 Sep 11, 2009 N/A· v4 N/A· v3 5.0 MEDIUM· v2 MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to obtain sensitive information via certain requests to mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php...Show more |
2Joomla Mambo Foundation2Com Musica Com MusicaApr 23, 2026 Feb 21, 2009 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in the com_musica module in Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. |
Multiple SQL injection vulnerabilities in index.php in Mambo before 4.6.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) articleid and (2) mcname parameters. NOT...Show more |
CRLF injection vulnerability in Mambo before 4.6.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. |
2Joomla Mambo Foundation2Joomla MamboApr 16, 2026 Apr 21, 2006 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows remote attackers to cause a denial of service (disk consumption and possibly web-server outage) via multiple requests with different values of the feed par...Show more |