Page 4 of 21 results (0.025 seconds)

CVSS: 7.6EPSS: 1%CPEs: 16EXPL: 4

SQL injection vulnerability in Mambo 4.5.3, 4.5.3h, and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via (1) the $username variable in the mosGetParam function and (2) the $task parameter in the mosMenuCheck function in (a) includes/mambo.php; and (3) the $filter variable to the showCategory function in the com_content component (content.php). • https://www.exploit-db.com/exploits/43835 http://archives.neohapsis.com/archives/bugtraq/2006-02/0463.html http://secunia.com/advisories/18935 http://source.mambo-foundation.org/view/news/Announcements/Security_Patch_Released http://www.gulftech.org/?node=research&article_id=00104-02242006 http://www.osvdb.org/23402 http://www.osvdb.org/23503 http://www.securityfocus.com/bid/16775 http://www.vupen.com/english/advisories/2006/0719 https://exchange.xforce.ibmcloud.com/vulnerabilities •

CVSS: 7.5EPSS: 1%CPEs: 6EXPL: 1

SQL injection vulnerability in content.php in Mambo 4.5.2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user_rating parameter. • https://www.exploit-db.com/exploits/1049 http://mamboforge.net/frs/download.php/6153/CHANGELOG http://marc.info/?l=bugtraq&m=111885974124936&w=2 http://secunia.com/advisories/15710 http://securitytracker.com/id?1014222 http://www.osvdb.org/17323 http://www.securityfocus.com/bid/13966 •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

PHP remote file inclusion vulnerability in Tar.php in Mambo 4.5.2 allows remote attackers to execute arbitrary PHP code by modifying the mosConfig_absolute_path parameter to reference a URL on a remote web server that contains the code, a different vulnerability than CVE-2004-1693. • http://mamboforge.net/frs/download.php/4043/Patch_4.5.2_to_4.5.2.1.zip http://secunia.com/advisories/14337 •

CVSS: 7.5EPSS: 5%CPEs: 1EXPL: 3

PHP remote file inclusion vulnerability in Function.php in Mambo 4.5 (1.0.9) allows remote attackers to execute arbitrary PHP code by modifying the mosConfig_absolute_path parameter to reference a URL on a remote web server that contains the code. • https://www.exploit-db.com/exploits/24615 http://marc.info/?l=bugtraq&m=109571849713158&w=2 http://securitytracker.com/id?1011365 http://www.osvdb.org/10180 http://www.securityfocus.com/bid/11220 https://exchange.xforce.ibmcloud.com/vulnerabilities/17449 •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 3

Cross-site scripting (XSS) vulnerability in index.php in Mambo 4.5 (1.0.9) allows remote attackers to inject arbitrary web script or HTML via the (1) Itemid, (2) mosmsg, or (3) limit parameters. • https://www.exploit-db.com/exploits/24614 http://mamboforge.net/frs/shownotes.php?release_id=1672 http://marc.info/?l=bugtraq&m=109571849713158&w=2 http://www.osvdb.org/10179 http://www.securityfocus.com/bid/11220 https://exchange.xforce.ibmcloud.com/vulnerabilities/20616 •