CVSS: 9.8EPSS: 0%CPEs: 21EXPL: 0CVE-2006-4286
https://notcve.org/view.php?id=CVE-2006-4286
22 Aug 2006 — PHP remote file inclusion vulnerability in contentpublisher.php in the contentpublisher component (com_contentpublisher) for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this issue has been disputed by third parties who state that contentpublisher.php protects against direct request in the most recent version. The original researcher is known to be frequently inaccurate ** IMPUGNADA ** Vulnerabilidad de inclusión remota de archivo en P... • http://securityreason.com/securityalert/1431 •
CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 3CVE-2006-3262 – Mambo 4.6rc1 - Weblinks Blind SQL Injection
https://notcve.org/view.php?id=CVE-2006-3262
27 Jun 2006 — SQL injection vulnerability in the Weblinks module (weblinks.php) in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter. Vulnerabilidad de inyección SQL en el modulo Weblinks (weblinks.php) en Mambo v4.6rc1 y anteriores permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro "title". • https://www.exploit-db.com/exploits/1920 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2006-3263
https://notcve.org/view.php?id=CVE-2006-3263
27 Jun 2006 — SQL injection vulnerability in the Weblinks module (weblinks.php) in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter. Vulnerabilidad de inyección SQL en el modulo Weblinks (weblinks.php) en Mambo v4.6rc1 y anteriores permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro "catid". • http://www.mamboserver.com/?option=com_content&task=view&id=207 •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 3CVE-2004-2072 – Mambo Open Source 4.6 - 'Itemid' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2004-2072
31 Dec 2004 — Cross-site scripting (XSS) vulnerability in index.php for Mambo Open Source 4.6, and possibly earlier versions, allows remote attackers to execute script on other clients via the Itemid parameter. • https://www.exploit-db.com/exploits/23657 •