Page 3 of 15 results (0.004 seconds)

CVSS: 7.5EPSS: 3%CPEs: 1EXPL: 3

SQL injection vulnerability in the Weblinks module (weblinks.php) in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter. Vulnerabilidad de inyección SQL en el modulo Weblinks (weblinks.php) en Mambo v4.6rc1 y anteriores permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro "title". • https://www.exploit-db.com/exploits/1920 https://www.exploit-db.com/exploits/1941 http://retrogod.altervista.org/mambo_46rc1_sql.html http://secunia.com/advisories/20745 http://securityreason.com/securityalert/1158 http://securitytracker.com/id?1016334 http://www.mamboserver.com/?option=com_content&task=view&id=207 http://www.osvdb.org/26624 http://www.securityfocus.com/archive/1/437496/100/100/threaded http://www.securityfocus.com/bid/18492 http://www.vupen.com/englis •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

SQL injection vulnerability in the Weblinks module (weblinks.php) in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter. Vulnerabilidad de inyección SQL en el modulo Weblinks (weblinks.php) en Mambo v4.6rc1 y anteriores permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro "catid". • http://www.mamboserver.com/?option=com_content&task=view&id=207 •

CVSS: 7.6EPSS: 1%CPEs: 16EXPL: 4

SQL injection vulnerability in Mambo 4.5.3, 4.5.3h, and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via (1) the $username variable in the mosGetParam function and (2) the $task parameter in the mosMenuCheck function in (a) includes/mambo.php; and (3) the $filter variable to the showCategory function in the com_content component (content.php). • https://www.exploit-db.com/exploits/43835 http://archives.neohapsis.com/archives/bugtraq/2006-02/0463.html http://secunia.com/advisories/18935 http://source.mambo-foundation.org/view/news/Announcements/Security_Patch_Released http://www.gulftech.org/?node=research&article_id=00104-02242006 http://www.osvdb.org/23402 http://www.osvdb.org/23503 http://www.securityfocus.com/bid/16775 http://www.vupen.com/english/advisories/2006/0719 https://exchange.xforce.ibmcloud.com/vulnerabilities •

CVSS: 2.6EPSS: 2%CPEs: 10EXPL: 3

globals.php in Mambo Site Server 4.0.14 and earlier, when register_globals is disabled, allows remote attackers to overwrite variables in the GLOBALS array and conduct various attacks, as demonstrated using the mosConfig_absolute_path parameter to content.html.php for remote PHP file inclusion. globals.php en Mambo Site Server 4.0.14 y anteriores, cuando "register_globals" está desactivado, permite a atacantes remotos sobreescribir variables mediante el 'array' "GLOBALS" y llevar a cabo varios ataques, como se ha demostrado usando el parámetro "mosConfig_absolute_path" de content.html.php para inclusión remota de PHP. • https://www.exploit-db.com/exploits/1337 http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0520.html http://forum.mamboserver.com/showthread.php?t=66154 http://secunia.com/advisories/17622 http://securitytracker.com/id?1015258 http://www.securityfocus.com/archive/1/417215 http://www.securityfocus.com/archive/1/426942/100/0/threaded http://www.securityfocus.com/archive/1/427196/100/0/threaded http://www.securityfocus.com/bid/15461 http://www.vupen.com/english/advi •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

PHP remote file inclusion vulnerability in Tar.php in Mambo 4.5.2 allows remote attackers to execute arbitrary PHP code by modifying the mosConfig_absolute_path parameter to reference a URL on a remote web server that contains the code, a different vulnerability than CVE-2004-1693. • http://mamboforge.net/frs/download.php/4043/Patch_4.5.2_to_4.5.2.1.zip http://secunia.com/advisories/14337 •