CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 1CVE-2006-7150
https://notcve.org/view.php?id=CVE-2006-7150
07 Mar 2007 — Multiple SQL injection vulnerabilities in Mambo 4.6.x allow remote attackers to execute arbitrary SQL commands via the mcname parameter to (1) moscomment.php and (2) com_comment.php. Múltiples vulnerabilidades de inyección SQL en el Mambo 4.6.x permiten a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro mcname en el (1) moscomment.php y (2) com_comment.php. • http://securityreason.com/securityalert/2379 •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 3CVE-2004-2072 – Mambo Open Source 4.6 - 'Itemid' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2004-2072
31 Dec 2004 — Cross-site scripting (XSS) vulnerability in index.php for Mambo Open Source 4.6, and possibly earlier versions, allows remote attackers to execute script on other clients via the Itemid parameter. • https://www.exploit-db.com/exploits/23657 •