15 results (0.004 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

SQL injection vulnerability in Mambo LaiThai 4.5.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en Mambo LaiThai 4.5.5 permite a atacantes remotos ejecutar comandos SQL de su elección a través vectores sin especificar. • http://secunia.com/advisories/28652 http://sourceforge.net/project/shownotes.php?group_id=192544&release_id=571300 http://www.securityfocus.com/bid/27483 http://www.vupen.com/english/advisories/2008/0316 https://exchange.xforce.ibmcloud.com/vulnerabilities/40013 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

Multiple unspecified vulnerabilities in Mambo LaiThai 4.5.5 have unknown impact and attack vectors related to (1) mod_login and (2) mod_template_chooser. Múltiples vulnerabilidades no especificadas en Mambo LaiThai 4.5.5 tienen un impacto desconocido y vectores de ataque relativos a (1) mod_login y (2) mod_template_chooser. • http://secunia.com/advisories/28652 http://sourceforge.net/project/shownotes.php?group_id=192544&release_id=571300 http://www.securityfocus.com/bid/27483 http://www.vupen.com/english/advisories/2008/0316 https://exchange.xforce.ibmcloud.com/vulnerabilities/40014 •

CVSS: 7.5EPSS: 5%CPEs: 1EXPL: 2

Multiple PHP remote file inclusion vulnerabilities in the com_zoom 2.5 beta 2 and earlier module for Mambo allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) EXIF_Makernote.php or (2) EXIF.php in classes/iptc/. Múltiples vulnerabilidades de inclusión remota de archivo en PHP en el módulo para Mambo com_zoom 2.5 beta 2 y anteriores, permiten a atacantes remotos ejecutar código PHP de su elección mediante una URL en el parámetro mosConfig_absolute_path en (1) EXIF_Makernote.php ó (2) EXIF.php en classes/iptc/. • https://www.exploit-db.com/exploits/3706 http://www.securityfocus.com/bid/23415 http://www.vupen.com/english/advisories/2007/1353 https://exchange.xforce.ibmcloud.com/vulnerabilities/33580 •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

SQL injection vulnerability in includes/mambo.php in Mambo LaiThai 4.5.4 SP2 and earlier allows remote attackers to execute arbitrary SQL commands via the usercookie[password] cookie parameter. Vulnerabilidad de inyección SQL en includes/mambo.php en Mambo LaiThai 4.5.4 SP2 y anteriores permiten a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro cookie usercookie[password] • http://mamboxchange.com/forum/forum.php?forum_id=7767 http://secunia.com/advisories/22263 http://www.securityfocus.com/bid/20413 http://www.vupen.com/english/advisories/2006/3953 •

CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in Mambo LaiThai 4.5.4 Security Patch 2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Mambo LaiThai 4.5.4 Serucity Patch 2 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de vectores no especificados. • http://mamboxchange.com/forum/forum.php?forum_id=7767 http://secunia.com/advisories/22263 http://www.securityfocus.com/bid/20458/info http://www.vupen.com/english/advisories/2006/3953 •