← Back

Mambo

mambo

107 CVEs • 65 products

Products (65)

Click to collapse
Toggle
Mambo
mambo
26 CVEs
Mambo Site Server
mambo_site_server
7 CVEs
Mambo Open Source
mambo_open_source
7 CVEs
Mambo Open Source 4.5
mambo_open_source_4.5
2 CVEs
Mambo Calendar
mambo_calendar
2 CVEs
Mambo Gallery Manager
mambo_gallery_manager
2 CVEs
Mostlyce
mostlyce
2 CVEs
Com Downloads
com_downloads
2 CVEs
Com Facileforms
com_facileforms
2 CVEs
Site Server
site_server
1 CVE
Mambo Portal
mambo_portal
1 CVE
Videodb
videodb
1 CVE
Sitemap
sitemap
1 CVE
Smf Forum
smf-forum
1 CVE
Mambo Multibanners
mambo_multibanners
1 CVE
Mambatstaff
mambatstaff
1 CVE
Artlinks Component
artlinks_component
1 CVE
Bayesiannaivefilter
bayesiannaivefilter
1 CVE
Moslistmessenger Component
moslistmessenger_component
1 CVE
Mtg Myhomepage Component
mtg_myhomepage_component
1 CVE
X Shop Component
x-shop_component
1 CVE
Mambelfish Component
mambelfish_component
1 CVE
Catalogshop Component
catalogshop_component
1 CVE
Anjel Component
anjel_component
1 CVE
A6mambocredits Component
a6mambocredits_component
1 CVE
Bigape Backup Component
bigape-backup_component
1 CVE
Contacts Xtd Component
contacts_xtd_component
1 CVE
Com Comprofiler Component
com_comprofiler_component
1 CVE
Jim Component
jim_component
1 CVE
Prince Clan Chess Component
prince_clan_chess_component
1 CVE
Extcalthai Module
extcalthai_module
1 CVE
Nfn Address Book
nfn_address_book
1 CVE
Swmenu Component
swmenu_component
1 CVE
Flatmenu
flatmenu
1 CVE
Taskhopper Component
taskhopper_component
1 CVE
Jambook
jambook
1 CVE
Remository
remository
1 CVE
Com Newsletter
com_newsletter
1 CVE
Com Mamml
com_mamml
1 CVE
Glossary
glossary
1 CVE
Musepoes Component
musepoes_component
1 CVE
Com Recipes
com_recipes
1 CVE
Com Jokes
com_jokes
1 CVE
Com Awesom
com_awesom
1 CVE
Com Shambo2
com_shambo2
1 CVE
Com Sobi2
com_sobi2
1 CVE
Com Neoreferences
com_neoreferences
1 CVE
Com Sermon
com_sermon
1 CVE
Com Gallery
com_gallery
1 CVE
Com Neogallery
com_neogallery
1 CVE
Com Doc
com_doc
1 CVE
Com Comments
com_comments
1 CVE
Com Quiz
com_quiz
1 CVE
Com Scheduling Component
com_scheduling_component
1 CVE
Com Filebase Component
com_filebase_component
1 CVE
Kemas Antonius Com Quran
kemas_antonius_com_quran
1 CVE
Com Ricette Component
com_ricette_component
1 CVE
Com Profile
com_profile
1 CVE
Com Detail
com_detail
1 CVE
Com Salesrep
com_salesrep
1 CVE
Com Garyscookbook
com_garyscookbook
1 CVE
Com Ewriting
com_ewriting
1 CVE
Datsogallery
datsogallery
1 CVE
Com Comprofiler
com_comprofiler
1 CVE
Com Flippingbook
com_flippingbook
1 CVE

CVEs (107)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2006-3846
1Mambo
1Mambo Multibanners
Apr 16, 2026
Jul 25, 2006
N/A· v4
N/A· v3
6.8 MEDIUM· v2
PHP remote file inclusion vulnerability in extadminmenus.class.php in the MultiBanners 1.0.1 for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2006-3843
1Mambo
1Mambo Calendar
Apr 16, 2026
Jul 25, 2006
N/A· v4
N/A· v3
7.5 HIGH· v2
PHP remote file inclusion vulnerability in com_calendar.php in Calendar Mambo Module 1.5.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter.
CVE-2006-3773
1Mambo
1Smf Forum
Apr 16, 2026
Jul 24, 2006
N/A· v4
N/A· v3
6.8 MEDIUM· v2
PHP remote file inclusion vulnerability in smf.php in the SMF-Forum 1.3.1.3 Bridge Component (com_smf) For Joomla! and Mambo 4.5.3+ allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolut...Show more
PHP remote file inclusion vulnerability in smf.php in the SMF-Forum 1.3.1.3 Bridge Component (com_smf) For Joomla! and Mambo 4.5.3+ allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.Show less
CVE-2006-3749
1Mambo
1Sitemap
Apr 16, 2026
Jul 21, 2006
N/A· v4
N/A· v3
6.8 MEDIUM· v2
PHP remote file inclusion vulnerability in sitemap.xml.php in Sitemap component (com_sitemap) 2.0.0 for Mambo 4.5.1 CMS, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL i...Show more
PHP remote file inclusion vulnerability in sitemap.xml.php in Sitemap component (com_sitemap) 2.0.0 for Mambo 4.5.1 CMS, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.Show less
CVE-2006-3736
1Mambo
1Videodb
Apr 16, 2026
Jul 21, 2006
N/A· v4
N/A· v3
7.5 HIGH· v2
PHP remote file inclusion vulnerability in core/videodb.class.xml.php in the VideoDB component for Mambo 0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path para...Show more
PHP remote file inclusion vulnerability in core/videodb.class.xml.php in the VideoDB component for Mambo 0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.Show less
CVE-2006-3263
1Mambo
1Mambo
Apr 16, 2026
Jun 27, 2006
N/A· v4
N/A· v3
7.5 HIGH· v2
SQL injection vulnerability in the Weblinks module (weblinks.php) in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter.
CVE-2006-3262
1Mambo
1Mambo
Apr 16, 2026
Jun 27, 2006
N/A· v4
N/A· v3
7.5 HIGH· v2
SQL injection vulnerability in the Weblinks module (weblinks.php) in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter.
CVE-2006-1956
2Joomla
Mambo
2Joomla
Mambo
Apr 16, 2026
Apr 21, 2006
N/A· v4
N/A· v3
5.0 MEDIUM· v2
The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows remote attackers to obtain sensitive information via an invalid feed parameter, which reveals the path in an error message.
CVE-2006-1794
1Mambo
1Mambo
Apr 16, 2026
Apr 17, 2006
N/A· v4
N/A· v3
7.6 HIGH· v2
SQL injection vulnerability in Mambo 4.5.3, 4.5.3h, and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via (1) the $username variable in the mosGetParam function and (2) the $task par...Show more
SQL injection vulnerability in Mambo 4.5.3, 4.5.3h, and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via (1) the $username variable in the mosGetParam function and (2) the $task parameter in the mosMenuCheck function in (a) includes/mambo.php; and (3) the $filter variable to the showCategory function in the com_content component (content.php).Show less
CVE-2006-0871
1Mambo
1Mambo
Apr 16, 2026
Feb 24, 2006
N/A· v4
N/A· v3
6.4 MEDIUM· v2
Directory traversal vulnerability in the _setTemplate function in Mambo 4.5.3, 4.5.3h, and possibly earlier versions allows remote attackers to read and include arbitrary files via the mos_change_template parameter. NOT...Show more
Directory traversal vulnerability in the _setTemplate function in Mambo 4.5.3, 4.5.3h, and possibly earlier versions allows remote attackers to read and include arbitrary files via the mos_change_template parameter. NOTE: CVE-2006-1794 has been assigned to the SQL injection vector.Show less
CVE-2005-4156
1Mambo
1Mambo Open Source 4.5
Apr 16, 2026
Dec 11, 2005
N/A· v4
N/A· v3
9.4 HIGH· v2
Unspecified vulnerability in Mambo 4.5 (1.0.0) through 4.5 (1.0.9), with magic_quotes_gpc disabled, allows remote attackers to read arbitrary files and possibly cause a denial of service via a query string that ends with...Show more
Unspecified vulnerability in Mambo 4.5 (1.0.0) through 4.5 (1.0.9), with magic_quotes_gpc disabled, allows remote attackers to read arbitrary files and possibly cause a denial of service via a query string that ends with a NULL character.Show less
CVE-2005-3738
1Mambo
1Mambo Site Server
Apr 16, 2026
Nov 22, 2005
N/A· v4
N/A· v3
2.6 LOW· v2
globals.php in Mambo Site Server 4.0.14 and earlier, when register_globals is disabled, allows remote attackers to overwrite variables in the GLOBALS array and conduct various attacks, as demonstrated using the mosConfig...Show more
globals.php in Mambo Site Server 4.0.14 and earlier, when register_globals is disabled, allows remote attackers to overwrite variables in the GLOBALS array and conduct various attacks, as demonstrated using the mosConfig_absolute_path parameter to content.html.php for remote PHP file inclusion.Show less
CVE-2005-3586
1Mambo
1Mambo
Apr 16, 2026
Nov 16, 2005
N/A· v4
N/A· v3
5.0 MEDIUM· v2
content.php in Mambo 4.5.2 through 4.5.2.3 allows remote attackers to obtain the installation path of the application via a URL that causes the application to return an error.
CVE-2005-2002
1Mambo
1Mambo
Apr 16, 2026
Jun 15, 2005
N/A· v4
N/A· v3
7.5 HIGH· v2
SQL injection vulnerability in content.php in Mambo 4.5.2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user_rating parameter.
CVE-2005-0512
1Mambo
1Mambo
Apr 16, 2026
Feb 21, 2005
N/A· v4
N/A· v3
7.5 HIGH· v2
PHP remote file inclusion vulnerability in Tar.php in Mambo 4.5.2 allows remote attackers to execute arbitrary PHP code by modifying the mosConfig_absolute_path parameter to reference a URL on a remote web server that co...Show more
PHP remote file inclusion vulnerability in Tar.php in Mambo 4.5.2 allows remote attackers to execute arbitrary PHP code by modifying the mosConfig_absolute_path parameter to reference a URL on a remote web server that contains the code, a different vulnerability than CVE-2004-1693.Show less
CVE-2004-2143
1Mambo
1Mambo Portal
Apr 16, 2026
Dec 31, 2004
N/A· v4
N/A· v3
7.5 HIGH· v2
SQL injection vulnerability in the ReMOSitory Server add-on module to Mambo Portal 4.5.1 (1.09) and earlier allows remote attackers to execute arbitrary SQL commands via the filecatid parameter in the com_remository opti...Show more
SQL injection vulnerability in the ReMOSitory Server add-on module to Mambo Portal 4.5.1 (1.09) and earlier allows remote attackers to execute arbitrary SQL commands via the filecatid parameter in the com_remository option.Show less
CVE-2004-2072
1Mambo
1Mambo Open Source
Apr 16, 2026
Dec 31, 2004
N/A· v4
N/A· v3
6.8 MEDIUM· v2
Cross-site scripting (XSS) vulnerability in index.php for Mambo Open Source 4.6, and possibly earlier versions, allows remote attackers to execute script on other clients via the Itemid parameter.
CVE-2004-1693
1Mambo
1Mambo
Apr 16, 2026
Sep 18, 2004
N/A· v4
N/A· v3
7.5 HIGH· v2
PHP remote file inclusion vulnerability in Function.php in Mambo 4.5 (1.0.9) allows remote attackers to execute arbitrary PHP code by modifying the mosConfig_absolute_path parameter to reference a URL on a remote web ser...Show more
PHP remote file inclusion vulnerability in Function.php in Mambo 4.5 (1.0.9) allows remote attackers to execute arbitrary PHP code by modifying the mosConfig_absolute_path parameter to reference a URL on a remote web server that contains the code.Show less
CVE-2004-1692
1Mambo
1Mambo Open Source
Apr 16, 2026
Sep 18, 2004
N/A· v4
N/A· v3
4.3 MEDIUM· v2
Cross-site scripting (XSS) vulnerability in index.php in Mambo 4.5 (1.0.9) allows remote attackers to inject arbitrary web script or HTML via the (1) Itemid, (2) mosmsg, or (3) limit parameters.
CVE-2004-1826
1Mambo
1Mambo Open Source 4.5
Apr 16, 2026
Mar 16, 2004
N/A· v4
N/A· v3
7.5 HIGH· v2
SQL injection vulnerability in index.php in Mambo Open Source 4.5 stable 1.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.