CVSS: 9.8EPSS: 0%CPEs: 20EXPL: 1CVE-2008-0517 – Mambo Component EstateAgent 0.1 - SQL Injection
https://notcve.org/view.php?id=CVE-2008-0517
31 Jan 2008 — SQL injection vulnerability in index.php in the Darko Selesi EstateAgent (com_estateagent) 0.1 component for Mambo 4.5.x and Joomla! allows remote attackers to execute arbitrary SQL commands via the objid parameter in a contact showObject action. Vulnerabilidad de inyección SQL en idex.php en el componente Darko Selesi EstateAgent (com_estateagent) 0.1 para Mambo 4.5.x y Joomla!. Permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro objid en una acción de contacto showObject. • https://www.exploit-db.com/exploits/5016 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2007-0789
https://notcve.org/view.php?id=CVE-2007-0789
06 Feb 2007 — SQL injection vulnerability in Mambo before 4.5.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors in cancel edit functions, possibly related to the id parameter. Una vulnerabilidad de inyección SQL en Mambo versiones anteriores a 4.5.5, permite a atacantes remotos ejecutar comandos SQL arbitrarios por medio de vectores no especificados en la cancelación de funciones edit, posiblemente relacionadas con el parámetro id. • http://mamboxchange.com/frs/shownotes.php?release_id=6232 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 21EXPL: 0CVE-2006-4286
https://notcve.org/view.php?id=CVE-2006-4286
22 Aug 2006 — PHP remote file inclusion vulnerability in contentpublisher.php in the contentpublisher component (com_contentpublisher) for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this issue has been disputed by third parties who state that contentpublisher.php protects against direct request in the most recent version. The original researcher is known to be frequently inaccurate ** IMPUGNADA ** Vulnerabilidad de inclusión remota de archivo en P... • http://securityreason.com/securityalert/1431 •
CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 3CVE-2006-3262 – Mambo 4.6rc1 - Weblinks Blind SQL Injection
https://notcve.org/view.php?id=CVE-2006-3262
27 Jun 2006 — SQL injection vulnerability in the Weblinks module (weblinks.php) in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter. Vulnerabilidad de inyección SQL en el modulo Weblinks (weblinks.php) en Mambo v4.6rc1 y anteriores permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro "title". • https://www.exploit-db.com/exploits/1920 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2006-3263
https://notcve.org/view.php?id=CVE-2006-3263
27 Jun 2006 — SQL injection vulnerability in the Weblinks module (weblinks.php) in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter. Vulnerabilidad de inyección SQL en el modulo Weblinks (weblinks.php) en Mambo v4.6rc1 y anteriores permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro "catid". • http://www.mamboserver.com/?option=com_content&task=view&id=207 •
CVSS: 9.8EPSS: 1%CPEs: 16EXPL: 4CVE-2006-1794 – Mambo < 4.5.3h - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2006-1794
17 Apr 2006 — SQL injection vulnerability in Mambo 4.5.3, 4.5.3h, and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via (1) the $username variable in the mosGetParam function and (2) the $task parameter in the mosMenuCheck function in (a) includes/mambo.php; and (3) the $filter variable to the showCategory function in the com_content component (content.php). • https://www.exploit-db.com/exploits/43835 •
CVSS: 9.8EPSS: 1%CPEs: 6EXPL: 1CVE-2005-2002 – Mambo 4.5.2.1 - Fetch Password Hash
https://notcve.org/view.php?id=CVE-2005-2002
15 Jun 2005 — SQL injection vulnerability in content.php in Mambo 4.5.2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user_rating parameter. • https://www.exploit-db.com/exploits/1049 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2005-0512
https://notcve.org/view.php?id=CVE-2005-0512
21 Feb 2005 — PHP remote file inclusion vulnerability in Tar.php in Mambo 4.5.2 allows remote attackers to execute arbitrary PHP code by modifying the mosConfig_absolute_path parameter to reference a URL on a remote web server that contains the code, a different vulnerability than CVE-2004-1693. • http://mamboforge.net/frs/download.php/4043/Patch_4.5.2_to_4.5.2.1.zip •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 3CVE-2004-1692 – Mambo Open Source 4.5.1 (1.0.9) - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2004-1692
18 Sep 2004 — Cross-site scripting (XSS) vulnerability in index.php in Mambo 4.5 (1.0.9) allows remote attackers to inject arbitrary web script or HTML via the (1) Itemid, (2) mosmsg, or (3) limit parameters. • https://www.exploit-db.com/exploits/24614 •
CVSS: 9.8EPSS: 9%CPEs: 1EXPL: 3CVE-2004-1693 – Mambo Open Source 4.5.1 (1.0.9) - 'Function.php' Arbitrary Command Execution
https://notcve.org/view.php?id=CVE-2004-1693
18 Sep 2004 — PHP remote file inclusion vulnerability in Function.php in Mambo 4.5 (1.0.9) allows remote attackers to execute arbitrary PHP code by modifying the mosConfig_absolute_path parameter to reference a URL on a remote web server that contains the code. • https://www.exploit-db.com/exploits/24615 •