CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 3CVE-2004-2143 – Remository - SQL Injection
https://notcve.org/view.php?id=CVE-2004-2143
31 Dec 2004 — SQL injection vulnerability in the ReMOSitory Server add-on module to Mambo Portal 4.5.1 (1.09) and earlier allows remote attackers to execute arbitrary SQL commands via the filecatid parameter in the com_remository option. • https://www.exploit-db.com/exploits/24613 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 3CVE-2004-1692 – Mambo Open Source 4.5.1 (1.0.9) - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2004-1692
18 Sep 2004 — Cross-site scripting (XSS) vulnerability in index.php in Mambo 4.5 (1.0.9) allows remote attackers to inject arbitrary web script or HTML via the (1) Itemid, (2) mosmsg, or (3) limit parameters. • https://www.exploit-db.com/exploits/24614 •
CVSS: 9.8EPSS: 9%CPEs: 1EXPL: 3CVE-2004-1693 – Mambo Open Source 4.5.1 (1.0.9) - 'Function.php' Arbitrary Command Execution
https://notcve.org/view.php?id=CVE-2004-1693
18 Sep 2004 — PHP remote file inclusion vulnerability in Function.php in Mambo 4.5 (1.0.9) allows remote attackers to execute arbitrary PHP code by modifying the mosConfig_absolute_path parameter to reference a URL on a remote web server that contains the code. • https://www.exploit-db.com/exploits/24615 •
CVSS: 6.1EPSS: 1%CPEs: 2EXPL: 3CVE-2004-1825 – Mambo Open Source 4.5 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2004-1825
16 Mar 2004 — Cross-site scripting (XSS) vulnerability in index.php in Mambo Open Source 4.5 stable 1.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) return or (2) mos_change_template parameters. • https://www.exploit-db.com/exploits/23824 •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 3CVE-2004-1826 – Mambo Open Source 4.5 - 'index.php' SQL Injection
https://notcve.org/view.php?id=CVE-2004-1826
16 Mar 2004 — SQL injection vulnerability in index.php in Mambo Open Source 4.5 stable 1.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. • https://www.exploit-db.com/exploits/23834 •
CVSS: 6.8EPSS: 7%CPEs: 2EXPL: 1CVE-2003-1204
https://notcve.org/view.php?id=CVE-2003-1204
31 Dec 2003 — Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site Server 4.0.12 BETA and earlier allow remote attackers to execute script on other clients via (1) the link parameter in sectionswindow.php, the directory parameter in (2) gallery.php, (3) navigation.php, or (4) uploadimage.php, the path parameter in (5) view.php, (6) the choice parameter in upload.php, (7) the sitename parameter in mambosimple.php, (8) the type parameter in upload.php, or the id parameter in (9) emailarticle.php, (10) emailfaq... • http://www.osvdb.org/7495 •
CVSS: 10.0EPSS: 3%CPEs: 1EXPL: 3CVE-2003-1245 – Mambo Site Server 4.0.12 RC2 - Cookie Validation
https://notcve.org/view.php?id=CVE-2003-1245
31 Dec 2003 — index2.php in Mambo 4.0.12 allows remote attackers to gain administrator access via a URL request where session_id is set to the MD5 hash of a session cookie. • https://www.exploit-db.com/exploits/22281 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2003-1203 – Mambo Site Server 4.0.10 - 'index.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2003-1203
18 Mar 2003 — Cross-site scripting (XSS) vulnerability in index.php for Mambo Site Server 4.0.10 allows remote attackers to execute script on other clients via the ?option parameter. • https://www.exploit-db.com/exploits/22382 •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2002-1662
https://notcve.org/view.php?id=CVE-2002-1662
31 Dec 2002 — Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site Server 4.0.11 allow remote attackers to execute arbitrary script on other clients via (1) search.php and (2) the "Your name" field during account registration. • http://archives.neohapsis.com/archives/bugtraq/2002-12/0111.html •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 2CVE-2002-2247 – Mambo Site Server 4.0.11 - 'PHPInfo.php' Information Disclosure
https://notcve.org/view.php?id=CVE-2002-2247
31 Dec 2002 — The administrator/phpinfo.php script in Mambo Site Server 4.0.11 allows remote attackers to obtain sensitive information such as the full web root path via phpinfo.php, which calls the phpinfo function. • https://www.exploit-db.com/exploits/22086 • CWE-16: Configuration •