CVSS: 6.8 | EPSS: 28% | CPEs: 23 | EXPL: 4

PHP remote file inclusion vulnerability in includes/Cache/Lite/Output.php in the Cache_Lite package in Mambo 4.6.4 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

• https://www.exploit-db.com/exploits/9906
• https://www.exploit-db.com/exploits/16912
• https://www.exploit-db.com/exploits/5808
• http://secunia.com/advisories/30685
• http://www.securityfocus.com/bid/29716
• http://www.securitytracker.com/id?1020295
• https://exchange.xforce.ibmcloud.com/vulnerabilities/43101
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

Cross-site scripting (XSS) vulnerability in the MOStlyContent Editor (MOStlyCE) component before 3.0 for Mambo allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

• http://forum.mambo-foundation.org/showthread.php?t=11799
• https://exchange.xforce.ibmcloud.com/vulnerabilities/42749
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

Multiple SQL injection vulnerabilities in index.php in Mambo before 4.6.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) articleid and (2) mcname parameters. NOTE: some of these details are obtained from third party information.

• http://forum.mambo-foundation.org/showthread.php?t=11799
• http://secunia.com/advisories/30343
• http://www.securityfocus.com/bid/29373
• http://www.vupen.com/english/advisories/2008/1660/references
• https://exchange.xforce.ibmcloud.com/vulnerabilities/42644
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 5.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

CRLF injection vulnerability in Mambo before 4.6.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

• http://forum.mambo-foundation.org/showthread.php?t=11799
• http://secunia.com/advisories/30343
• http://www.securityfocus.com/bid/29373
• http://www.vupen.com/english/advisories/2008/1660/references
• https://exchange.xforce.ibmcloud.com/vulnerabilities/42645
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 7.5 | EPSS: 0% | CPEs: 3 | EXPL: 2

SQL injection vulnerability in the Profiler (com_comprofiler) component in Community Builder for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the user parameter in a userProfile action to index.php.

• https://www.exploit-db.com/exploits/5491
• http://www.securityfocus.com/bid/28911
• https://exchange.xforce.ibmcloud.com/vulnerabilities/42008
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')