CVSS: 10.0EPSS: 6%CPEs: 1EXPL: 3CVE-2003-1245 – Mambo Site Server 4.0.12 RC2 - Cookie Validation
https://notcve.org/view.php?id=CVE-2003-1245
index2.php in Mambo 4.0.12 allows remote attackers to gain administrator access via a URL request where session_id is set to the MD5 hash of a session cookie. • https://www.exploit-db.com/exploits/22281 http://archives.neohapsis.com/archives/bugtraq/2003-02/0302.html http://www.securityfocus.com/bid/6926 https://exchange.xforce.ibmcloud.com/vulnerabilities/11398 •
CVSS: 6.8EPSS: 3%CPEs: 2EXPL: 1CVE-2003-1204
https://notcve.org/view.php?id=CVE-2003-1204
Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site Server 4.0.12 BETA and earlier allow remote attackers to execute script on other clients via (1) the link parameter in sectionswindow.php, the directory parameter in (2) gallery.php, (3) navigation.php, or (4) uploadimage.php, the path parameter in (5) view.php, (6) the choice parameter in upload.php, (7) the sitename parameter in mambosimple.php, (8) the type parameter in upload.php, or the id parameter in (9) emailarticle.php, (10) emailfaq.php, or (11) emailnews.php. • http://www.osvdb.org/7495 http://www.osvdb.org/7496 http://www.osvdb.org/7497 http://www.osvdb.org/7498 http://www.osvdb.org/7499 http://www.osvdb.org/7500 http://www.osvdb.org/7501 http://www.osvdb.org/7502 http://www.osvdb.org/7503 http://www.osvdb.org/7504 http://www.osvdb.org/7505 http://www.securityfocus.com/archive/1/306206 http://www.securityfocus.com/bid/6571 https://exchange.xforce.ibmcloud.com/vulnerabilities/11050 •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2CVE-2003-1203 – Mambo Site Server 4.0.10 - 'index.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2003-1203
Cross-site scripting (XSS) vulnerability in index.php for Mambo Site Server 4.0.10 allows remote attackers to execute script on other clients via the ?option parameter. • https://www.exploit-db.com/exploits/22382 http://archives.neohapsis.com/archives/bugtraq/2003-03/0275.html http://www.securityfocus.com/bid/7135 https://exchange.xforce.ibmcloud.com/vulnerabilities/11601 •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2002-1662
https://notcve.org/view.php?id=CVE-2002-1662
Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site Server 4.0.11 allow remote attackers to execute arbitrary script on other clients via (1) search.php and (2) the "Your name" field during account registration. • http://archives.neohapsis.com/archives/bugtraq/2002-12/0111.html http://www.securityfocus.com/bid/6386 https://exchange.xforce.ibmcloud.com/vulnerabilities/10854 https://exchange.xforce.ibmcloud.com/vulnerabilities/10859 •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 2CVE-2002-2247 – Mambo Site Server 4.0.11 - 'PHPInfo.php' Information Disclosure
https://notcve.org/view.php?id=CVE-2002-2247
The administrator/phpinfo.php script in Mambo Site Server 4.0.11 allows remote attackers to obtain sensitive information such as the full web root path via phpinfo.php, which calls the phpinfo function. • https://www.exploit-db.com/exploits/22086 http://archives.neohapsis.com/archives/bugtraq/2002-12/0111.html http://www.securityfocus.com/bid/6376 https://exchange.xforce.ibmcloud.com/vulnerabilities/10853 • CWE-16: Configuration •