CVSS: 7.5EPSS: 5%CPEs: 1EXPL: 3CVE-2004-1693 – Mambo Open Source 4.5.1 (1.0.9) - 'Function.php' Arbitrary Command Execution
https://notcve.org/view.php?id=CVE-2004-1693
PHP remote file inclusion vulnerability in Function.php in Mambo 4.5 (1.0.9) allows remote attackers to execute arbitrary PHP code by modifying the mosConfig_absolute_path parameter to reference a URL on a remote web server that contains the code. • https://www.exploit-db.com/exploits/24615 http://marc.info/?l=bugtraq&m=109571849713158&w=2 http://securitytracker.com/id?1011365 http://www.osvdb.org/10180 http://www.securityfocus.com/bid/11220 https://exchange.xforce.ibmcloud.com/vulnerabilities/17449 •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 3CVE-2004-1825 – Mambo Open Source 4.5 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2004-1825
Cross-site scripting (XSS) vulnerability in index.php in Mambo Open Source 4.5 stable 1.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) return or (2) mos_change_template parameters. • https://www.exploit-db.com/exploits/23824 http://marc.info/?l=bugtraq&m=107945576020593&w=2 http://secunia.com/advisories/11140 http://www.osvdb.org/4308 http://www.osvdb.org/4665 http://www.securityfocus.com/bid/9890 https://exchange.xforce.ibmcloud.com/vulnerabilities/15499 •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 3CVE-2004-1826 – Mambo Open Source 4.5 - 'index.php' SQL Injection
https://notcve.org/view.php?id=CVE-2004-1826
SQL injection vulnerability in index.php in Mambo Open Source 4.5 stable 1.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. • https://www.exploit-db.com/exploits/23834 http://marc.info/?l=bugtraq&m=107945576020593&w=2 http://secunia.com/advisories/11140 http://www.osvdb.org/4307 http://www.securityfocus.com/bid/9891 https://exchange.xforce.ibmcloud.com/vulnerabilities/15500 •
CVSS: 10.0EPSS: 6%CPEs: 1EXPL: 3CVE-2003-1245 – Mambo Site Server 4.0.12 RC2 - Cookie Validation
https://notcve.org/view.php?id=CVE-2003-1245
index2.php in Mambo 4.0.12 allows remote attackers to gain administrator access via a URL request where session_id is set to the MD5 hash of a session cookie. • https://www.exploit-db.com/exploits/22281 http://archives.neohapsis.com/archives/bugtraq/2003-02/0302.html http://www.securityfocus.com/bid/6926 https://exchange.xforce.ibmcloud.com/vulnerabilities/11398 •
CVSS: 6.8EPSS: 3%CPEs: 2EXPL: 1CVE-2003-1204
https://notcve.org/view.php?id=CVE-2003-1204
Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site Server 4.0.12 BETA and earlier allow remote attackers to execute script on other clients via (1) the link parameter in sectionswindow.php, the directory parameter in (2) gallery.php, (3) navigation.php, or (4) uploadimage.php, the path parameter in (5) view.php, (6) the choice parameter in upload.php, (7) the sitename parameter in mambosimple.php, (8) the type parameter in upload.php, or the id parameter in (9) emailarticle.php, (10) emailfaq.php, or (11) emailnews.php. • http://www.osvdb.org/7495 http://www.osvdb.org/7496 http://www.osvdb.org/7497 http://www.osvdb.org/7498 http://www.osvdb.org/7499 http://www.osvdb.org/7500 http://www.osvdb.org/7501 http://www.osvdb.org/7502 http://www.osvdb.org/7503 http://www.osvdb.org/7504 http://www.osvdb.org/7505 http://www.securityfocus.com/archive/1/306206 http://www.securityfocus.com/bid/6571 https://exchange.xforce.ibmcloud.com/vulnerabilities/11050 •