CVSS: 7.5EPSS: 1%CPEs: 6EXPL: 1CVE-2005-2002 – Mambo 4.5.2.1 - Fetch Password Hash
https://notcve.org/view.php?id=CVE-2005-2002
SQL injection vulnerability in content.php in Mambo 4.5.2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user_rating parameter. • https://www.exploit-db.com/exploits/1049 http://mamboforge.net/frs/download.php/6153/CHANGELOG http://marc.info/?l=bugtraq&m=111885974124936&w=2 http://secunia.com/advisories/15710 http://securitytracker.com/id?1014222 http://www.osvdb.org/17323 http://www.securityfocus.com/bid/13966 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2005-0512
https://notcve.org/view.php?id=CVE-2005-0512
PHP remote file inclusion vulnerability in Tar.php in Mambo 4.5.2 allows remote attackers to execute arbitrary PHP code by modifying the mosConfig_absolute_path parameter to reference a URL on a remote web server that contains the code, a different vulnerability than CVE-2004-1693. • http://mamboforge.net/frs/download.php/4043/Patch_4.5.2_to_4.5.2.1.zip http://secunia.com/advisories/14337 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 3CVE-2004-2143 – Remository - SQL Injection
https://notcve.org/view.php?id=CVE-2004-2143
SQL injection vulnerability in the ReMOSitory Server add-on module to Mambo Portal 4.5.1 (1.09) and earlier allows remote attackers to execute arbitrary SQL commands via the filecatid parameter in the com_remository option. • https://www.exploit-db.com/exploits/24613 http://archives.neohapsis.com/archives/bugtraq/2004-09/0215.html http://archives.neohapsis.com/archives/bugtraq/2004-09/0249.html http://secunia.com/advisories/12597 http://securitytracker.com/id?1011356 http://www.mamboportal.com/content/view/1615 http://www.osvdb.org/10040 http://www.securityfocus.com/bid/11219 https://exchange.xforce.ibmcloud.com/vulnerabilities/17441 •
CVSS: 6.8EPSS: 1%CPEs: 1EXPL: 3CVE-2004-2072 – Mambo Open Source 4.6 - 'Itemid' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2004-2072
Cross-site scripting (XSS) vulnerability in index.php for Mambo Open Source 4.6, and possibly earlier versions, allows remote attackers to execute script on other clients via the Itemid parameter. • https://www.exploit-db.com/exploits/23657 http://www.securityfocus.com/bid/9588 http://www.systemsecure.org/advisories/ssadvisory06022004.php https://exchange.xforce.ibmcloud.com/vulnerabilities/15062 •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 3CVE-2004-1692 – Mambo Open Source 4.5.1 (1.0.9) - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2004-1692
Cross-site scripting (XSS) vulnerability in index.php in Mambo 4.5 (1.0.9) allows remote attackers to inject arbitrary web script or HTML via the (1) Itemid, (2) mosmsg, or (3) limit parameters. • https://www.exploit-db.com/exploits/24614 http://mamboforge.net/frs/shownotes.php?release_id=1672 http://marc.info/?l=bugtraq&m=109571849713158&w=2 http://www.osvdb.org/10179 http://www.securityfocus.com/bid/11220 https://exchange.xforce.ibmcloud.com/vulnerabilities/20616 •