CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 2CVE-2008-0510 – Mambo Component 'com_newsletter' 4.5 - 'listid' SQL Injection
https://notcve.org/view.php?id=CVE-2008-0510
SQL injection vulnerability in index.php in the Newsletter (com_newsletter) component for Mambo 4.5 and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter. Vulnerabilidad de inyección SQL en index.php en los componentes Newsletter (com_newsletter) para Mambo 4.5 y Joomla!. Permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro listid. • https://www.exploit-db.com/exploits/5007 http://www.securityfocus.com/bid/27502 http://www.vupen.com/english/advisories/2008/0354 https://exchange.xforce.ibmcloud.com/vulnerabilities/40036 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 1CVE-2008-0517 – Mambo Component EstateAgent 0.1 - SQL Injection
https://notcve.org/view.php?id=CVE-2008-0517
SQL injection vulnerability in index.php in the Darko Selesi EstateAgent (com_estateagent) 0.1 component for Mambo 4.5.x and Joomla! allows remote attackers to execute arbitrary SQL commands via the objid parameter in a contact showObject action. Vulnerabilidad de inyección SQL en idex.php en el componente Darko Selesi EstateAgent (com_estateagent) 0.1 para Mambo 4.5.x y Joomla!. Permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro objid en una acción de contacto showObject. • https://www.exploit-db.com/exploits/5016 http://www.securityfocus.com/bid/27520 http://www.vupen.com/english/advisories/2008/0362 https://exchange.xforce.ibmcloud.com/vulnerabilities/40060 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 0CVE-2008-0261
https://notcve.org/view.php?id=CVE-2008-0261
Unspecified vulnerability in the search component and module in Mambo 4.5.x and 4.6.x allows remote attackers to cause a denial of service (query flood) via unspecified vectors. Vulnerabilidad no especificada en el componente y módulo search en Mambo 4.5.x y 4.6.x permite a atacantes remotos provocar denegación de servicio (inundación de consultas) a través de vectores no especificados. • http://forum.mambo-foundation.org/showthread.php?t=9651 http://secunia.com/advisories/28392 http://www.securityfocus.com/bid/27239 https://exchange.xforce.ibmcloud.com/vulnerabilities/39613 • CWE-399: Resource Management Errors •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2007-6455 – Mambo 4.6.2 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-6455
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Mambo 4.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Itemid parameter in a com_frontpage option and the (2) option parameter. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en index.php de Mambo 4.6.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante los parámetros (1) Itemid en una opción com_frontpage y (2) option. • https://www.exploit-db.com/exploits/30899 http://secunia.com/advisories/28133 http://securityreason.com/securityalert/3462 http://www.securityfocus.com/archive/1/485257/100/0/threaded http://www.securityfocus.com/bid/26922 https://exchange.xforce.ibmcloud.com/vulnerabilities/39115 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 4%CPEs: 3EXPL: 2CVE-2007-5362 – Joomla! Component mosmedialite451 - Remote File Inclusion
https://notcve.org/view.php?id=CVE-2007-5362
Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia Lite (com_mosmedia) 4.5.1 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) credits.html.php, (2) info.html.php, (3) media.divs.php, (4) media.divs.js.php, (5) purchase.html.php, or (6) support.html.php in includes/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: vector 3 may be the same as CVE-2007-2043.2. Múltiples vulnerabilidades de inclusión remota de archivo en PHP en el componente Avant-Garde Solutions MOSMedia Lite (com_mosmedi) 4.5.1 para Mambo y Joomla! • https://www.exploit-db.com/exploits/4499 http://osvdb.org/38586 http://osvdb.org/38587 http://osvdb.org/38588 http://www.securityfocus.com/bid/25960 https://exchange.xforce.ibmcloud.com/vulnerabilities/37015 • CWE-94: Improper Control of Generation of Code ('Code Injection') •