Page 4 of 18 results (0.002 seconds)

CVSS: 7.6EPSS: 1%CPEs: 16EXPL: 4

SQL injection vulnerability in Mambo 4.5.3, 4.5.3h, and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via (1) the $username variable in the mosGetParam function and (2) the $task parameter in the mosMenuCheck function in (a) includes/mambo.php; and (3) the $filter variable to the showCategory function in the com_content component (content.php). • https://www.exploit-db.com/exploits/43835 http://archives.neohapsis.com/archives/bugtraq/2006-02/0463.html http://secunia.com/advisories/18935 http://source.mambo-foundation.org/view/news/Announcements/Security_Patch_Released http://www.gulftech.org/?node=research&article_id=00104-02242006 http://www.osvdb.org/23402 http://www.osvdb.org/23503 http://www.securityfocus.com/bid/16775 http://www.vupen.com/english/advisories/2006/0719 https://exchange.xforce.ibmcloud.com/vulnerabilities •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

PHP remote file inclusion vulnerability in Tar.php in Mambo 4.5.2 allows remote attackers to execute arbitrary PHP code by modifying the mosConfig_absolute_path parameter to reference a URL on a remote web server that contains the code, a different vulnerability than CVE-2004-1693. • http://mamboforge.net/frs/download.php/4043/Patch_4.5.2_to_4.5.2.1.zip http://secunia.com/advisories/14337 •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 3

Cross-site scripting (XSS) vulnerability in index.php in Mambo Open Source 4.5 stable 1.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) return or (2) mos_change_template parameters. • https://www.exploit-db.com/exploits/23824 http://marc.info/?l=bugtraq&m=107945576020593&w=2 http://secunia.com/advisories/11140 http://www.osvdb.org/4308 http://www.osvdb.org/4665 http://www.securityfocus.com/bid/9890 https://exchange.xforce.ibmcloud.com/vulnerabilities/15499 •