CVE-2006-7247 – Joomla! 1.0.9 - 'Weblinks' Blind SQL Injection
https://notcve.org/view.php?id=CVE-2006-7247
SQL injection vulnerability in the Weblinks (com_weblinks) component for Joomla! and Mambo 1.0.9 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter. Vulnerabilidad de inyección SQL en el componente Weblinks (com_weblinks) para Joomla! y Mambo v1.0.9 y anteriores permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro título. • https://www.exploit-db.com/exploits/1922 http://secunia.com/advisories/20746 http://www.exploit-db.com/exploits/1922 http://www.openwall.com/lists/oss-security/2011/12/24/2 http://www.openwall.com/lists/oss-security/2011/12/24/3 http://www.osvdb.org/26626 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2011-2917 – Mambo 4.x - 'Zorder' SQL Injection
https://notcve.org/view.php?id=CVE-2011-2917
SQL injection vulnerability in administrator/index2.php in Mambo CMS 4.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the zorder parameter. Vulnerabilidad de inyección SQL en administrator/index2.php en Mambo CMS v4.6.5 y anteriores, permite a usuarios remotos ejecutar comandos SQL de su elección a través del parámetro zorder. • https://www.exploit-db.com/exploits/18110 http://www.exploit-db.com/exploits/18110 http://www.openwall.com/lists/oss-security/2011/08/12/6 http://www.osvdb.org/74502 http://www.securityfocus.com/bid/49130 http://yehg.net/lab/pr0js/advisories/%5Bmambo4.6_x%5D_sql_injection • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2010-4944 – Joomla! Component Elite Experts - SQL Injection
https://notcve.org/view.php?id=CVE-2010-4944
SQL injection vulnerability in the Elite Experts (com_elite_experts) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showExpertProfileDetailed action to index.php. Vulnerabilidad de inyección SQL en el componente Elite Experts (com_elite_experts) para Mambo y Joomla!, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro id en una acción showExpertProfileDetailed a index.php • https://www.exploit-db.com/exploits/15100 http://www.exploit-db.com/exploits/15100 https://exchange.xforce.ibmcloud.com/vulnerabilities/62010 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2011-3754
https://notcve.org/view.php?id=CVE-2011-3754
Mambo 4.6.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/sef.php and certain other files. Mambo v4.6.5 permite a atacantes remotos obtener información sensible a través de una petición directa a un archivo .php, lo que revela la ruta de instalación en un mensaje de error, como se demostró con includes/sef.php y algunos otros archivos. • http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/mambo-4.6.5 http://www.openwall.com/lists/oss-security/2011/06/27/6 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2009-4579
https://notcve.org/view.php?id=CVE-2009-4579
Cross-site scripting (XSS) vulnerability in the Artist avenue (com_artistavenue) component for Joomla! and Mambo allows remote attackers to inject arbitrary web script or HTML via the Itemid parameter to index.php. Vulnerabilidad de secuencias de comandos (XSS) en el componente Artist avenue (com_artistavenue) para Joomla!, y Mambo permite a atacantes remotos ejecutar código web o HTML de su elección a través del parámetro Itemid en index.php. • http://packetstormsecurity.org/0912-exploits/joomlaartistavenue-xss.txt http://www.exploit-db.com/exploits/10818 http://www.securityfocus.com/bid/37537 https://exchange.xforce.ibmcloud.com/vulnerabilities/55214 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •