
CVE-2005-3738 – Mambo 4.5.2 - Globals Overwrite / Remote Command Execution
https://notcve.org/view.php?id=CVE-2005-3738
22 Nov 2005 — globals.php in Mambo Site Server 4.0.14 and earlier, when register_globals is disabled, allows remote attackers to overwrite variables in the GLOBALS array and conduct various attacks, as demonstrated using the mosConfig_absolute_path parameter to content.html.php for remote PHP file inclusion. • https://www.exploit-db.com/exploits/1337 •

CVE-2003-1203 – Mambo Site Server 4.0.10 - 'index.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2003-1203
18 Mar 2003 — Cross-site scripting (XSS) vulnerability in index.php for Mambo Site Server 4.0.10 allows remote attackers to execute script on other clients via the ?option parameter. • https://www.exploit-db.com/exploits/22382 •