CVE-2007-0374
https://notcve.org/view.php?id=CVE-2007-0374
SQL injection vulnerability in (1) Joomla! 1.0.11 and 1.5 Beta, and (2) Mambo 4.6.1, allows remote attackers to execute arbitrary SQL commands via the id parameter when cancelling content editing. Joomla! • http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html http://osvdb.org/32520 http://www.hackers.ir/advisories/festival.txt http://www.securityfocus.com/archive/1/459203/100/0/threaded http://www.securityfocus.com/bid/19734 •
CVE-2006-6634 – MamboLaiThai ExtCalThai 0.9.1 - 'admin_events.php?CONFIG_EXT[LANGUAGES_DIR]' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2006-6634
Multiple PHP remote file inclusion vulnerabilities in the ExtCalThai (com_extcalendar) 0.9.1 and earlier component for Mambo allow remote attackers to execute arbitrary PHP code via a URL in (1) the CONFIG_EXT[LANGUAGES_DIR] parameter to admin_events.php, (2) the mosConfig_absolute_path parameter to extcalendar.php, or (3) the CONFIG_EXT[LIB_DIR] parameter to lib/mail.inc.php. • https://www.exploit-db.com/exploits/28792 https://www.exploit-db.com/exploits/28793 http://archives.neohapsis.com/archives/bugtraq/2006-10/0179.html http://securityreason.com/securityalert/2041 http://www.securityfocus.com/bid/20487 https://exchange.xforce.ibmcloud.com/vulnerabilities/29499 •
CVE-2006-5044 – Mambo Component PrinceClan Chess 0.8 - Remote File Inclusion
https://notcve.org/view.php?id=CVE-2006-5044
Unspecified vulnerability in Prince Clan (Princeclan) Chess component (com_pcchess) 0.8 and earlier for Mambo and Joomla! has unspecified impact and attack vectors. • https://www.exploit-db.com/exploits/2069 http://forum.joomla.org/index.php/topic%2C79477.0.html http://www.princeclan.org •
CVE-2006-4553 – Joomla! / Mambo Component Comprofiler 1.0 - 'class.php' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2006-4553
PHP remote file inclusion vulnerability in plugin.class.php in the com_comprofiler Components 1.0 RC2 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. • https://www.exploit-db.com/exploits/28437 http://secunia.com/advisories/21636 http://securityreason.com/securityalert/1491 http://www.securityfocus.com/archive/1/444425/100/0/threaded http://www.securityfocus.com/bid/19725 https://exchange.xforce.ibmcloud.com/vulnerabilities/28596 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2006-4556
https://notcve.org/view.php?id=CVE-2006-4556
** DISPUTED ** PHP remote file inclusion vulnerability in index.php in the JIM component for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: another researcher has stated that the product distribution does not include an index.php file. Also, this might be related to CVE-2006-4242. • http://www.osvdb.org/28097 http://www.securityfocus.com/archive/1/443674/100/100/threaded http://www.securityfocus.com/archive/1/444216/100/100/threaded •