CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 3CVE-2006-3262 – Mambo 4.6rc1 - Weblinks Blind SQL Injection
https://notcve.org/view.php?id=CVE-2006-3262
27 Jun 2006 — SQL injection vulnerability in the Weblinks module (weblinks.php) in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter. Vulnerabilidad de inyección SQL en el modulo Weblinks (weblinks.php) en Mambo v4.6rc1 y anteriores permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro "title". • https://www.exploit-db.com/exploits/1920 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2006-3263
https://notcve.org/view.php?id=CVE-2006-3263
27 Jun 2006 — SQL injection vulnerability in the Weblinks module (weblinks.php) in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter. Vulnerabilidad de inyección SQL en el modulo Weblinks (weblinks.php) en Mambo v4.6rc1 y anteriores permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro "catid". • http://www.mamboserver.com/?option=com_content&task=view&id=207 •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 1CVE-2006-1956
https://notcve.org/view.php?id=CVE-2006-1956
21 Apr 2006 — The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows remote attackers to obtain sensitive information via an invalid feed parameter, which reveals the path in an error message. • http://irannetjob.com/content/view/209/28 •
CVSS: 9.8EPSS: 1%CPEs: 16EXPL: 4CVE-2006-1794 – Mambo < 4.5.3h - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2006-1794
17 Apr 2006 — SQL injection vulnerability in Mambo 4.5.3, 4.5.3h, and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via (1) the $username variable in the mosGetParam function and (2) the $task parameter in the mosMenuCheck function in (a) includes/mambo.php; and (3) the $filter variable to the showCategory function in the com_content component (content.php). • https://www.exploit-db.com/exploits/43835 •
CVSS: 9.1EPSS: 1%CPEs: 2EXPL: 1CVE-2006-0871 – Mambo < 4.5.3h - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2006-0871
24 Feb 2006 — Directory traversal vulnerability in the _setTemplate function in Mambo 4.5.3, 4.5.3h, and possibly earlier versions allows remote attackers to read and include arbitrary files via the mos_change_template parameter. NOTE: CVE-2006-1794 has been assigned to the SQL injection vector. • https://www.exploit-db.com/exploits/43835 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 1CVE-2005-3586
https://notcve.org/view.php?id=CVE-2005-3586
16 Nov 2005 — content.php in Mambo 4.5.2 through 4.5.2.3 allows remote attackers to obtain the installation path of the application via a URL that causes the application to return an error. • http://irannetjob.com/content/view/153/28 •
CVSS: 9.8EPSS: 1%CPEs: 6EXPL: 1CVE-2005-2002 – Mambo 4.5.2.1 - Fetch Password Hash
https://notcve.org/view.php?id=CVE-2005-2002
15 Jun 2005 — SQL injection vulnerability in content.php in Mambo 4.5.2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user_rating parameter. • https://www.exploit-db.com/exploits/1049 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2005-0512
https://notcve.org/view.php?id=CVE-2005-0512
21 Feb 2005 — PHP remote file inclusion vulnerability in Tar.php in Mambo 4.5.2 allows remote attackers to execute arbitrary PHP code by modifying the mosConfig_absolute_path parameter to reference a URL on a remote web server that contains the code, a different vulnerability than CVE-2004-1693. • http://mamboforge.net/frs/download.php/4043/Patch_4.5.2_to_4.5.2.1.zip •
CVSS: 9.8EPSS: 9%CPEs: 1EXPL: 3CVE-2004-1693 – Mambo Open Source 4.5.1 (1.0.9) - 'Function.php' Arbitrary Command Execution
https://notcve.org/view.php?id=CVE-2004-1693
18 Sep 2004 — PHP remote file inclusion vulnerability in Function.php in Mambo 4.5 (1.0.9) allows remote attackers to execute arbitrary PHP code by modifying the mosConfig_absolute_path parameter to reference a URL on a remote web server that contains the code. • https://www.exploit-db.com/exploits/24615 •