Filtered by vendor Mambo
Subscriptions
Total
123 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2002-2247 | 1 Mambo | 1 Mambo Site Server | 2026-04-16 | N/A |
| The administrator/phpinfo.php script in Mambo Site Server 4.0.11 allows remote attackers to obtain sensitive information such as the full web root path via phpinfo.php, which calls the phpinfo function. | ||||
| CVE-2006-3980 | 1 Mambo | 1 Mambo Gallery Manager | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in administrator/components/com_mgm/help.mgm.php in Mambo Gallery Manager (MGM) 0.95r2 and earlier for Mambo 4.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | ||||
| CVE-2006-3981 | 1 Mambo | 1 Mambo Gallery Manager | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in about.mgm.php in Mambo Gallery Manager (MGM) 0.95r2 and earlier for Mambo 4.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2006-3773 | 1 Mambo | 1 Smf-forum | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in smf.php in the SMF-Forum 1.3.1.3 Bridge Component (com_smf) For Joomla! and Mambo 4.5.3+ allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | ||||
| CVE-2006-4229 | 2 Joomla, Mambo | 2 Moslistmessenger Component, Moslistmessenger Component | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in archive.php in the mosListMessenger Component (com_lm) before 20060719 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | ||||
| CVE-2004-2072 | 1 Mambo | 1 Mambo Open Source | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php for Mambo Open Source 4.6, and possibly earlier versions, allows remote attackers to execute script on other clients via the Itemid parameter. | ||||
| CVE-2004-1826 | 1 Mambo | 1 Mambo Open Source 4.5 | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php in Mambo Open Source 4.5 stable 1.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2006-3736 | 1 Mambo | 1 Videodb | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in core/videodb.class.xml.php in the VideoDB component for Mambo 0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | ||||
| CVE-2006-1956 | 2 Joomla, Mambo | 2 Joomla, Mambo | 2026-04-16 | N/A |
| The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows remote attackers to obtain sensitive information via an invalid feed parameter, which reveals the path in an error message. | ||||
| CVE-2006-3962 | 1 Mambo | 1 Bayesiannaivefilter | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in administrator/components/com_bayesiannaivefilter/lang.php in the bayesiannaivefilter component (com_bayesiannaivefilter) 1.1 for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | ||||
| CVE-2006-4275 | 1 Mambo | 1 Catalogshop Component | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in catalogshop.php in the CatalogShop component for Mambo (com_catalogshop) allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | ||||
| CVE-2006-4286 | 1 Mambo | 1 Mambo | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in contentpublisher.php in the contentpublisher component (com_contentpublisher) for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this issue has been disputed by third parties who state that contentpublisher.php protects against direct request in the most recent version. The original researcher is known to be frequently inaccurate | ||||
| CVE-2002-1662 | 1 Mambo | 1 Mambo Site Server | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site Server 4.0.11 allow remote attackers to execute arbitrary script on other clients via (1) search.php and (2) the "Your name" field during account registration. | ||||
| CVE-2006-4375 | 1 Mambo | 1 Contacts Xtd Component | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in contxtd.class.php in the Contacts XTD (ContXTD) component for Mambo (com_contxtd) allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: another researcher has disputed this issue, saying that the software prevents the attack by checking whether _VALID_MOS is defined | ||||
| CVE-2005-3586 | 1 Mambo | 1 Mambo | 2026-04-16 | N/A |
| content.php in Mambo 4.5.2 through 4.5.2.3 allows remote attackers to obtain the installation path of the application via a URL that causes the application to return an error. | ||||
| CVE-2002-2290 | 1 Mambo | 1 Mambo Site Server | 2026-04-16 | N/A |
| Mambo Site Server 4.0.11 installs with a default username and password of admin, which allows remote attackers to gain privileges. | ||||
| CVE-2005-4156 | 1 Mambo | 1 Mambo Open Source 4.5 | 2026-04-16 | N/A |
| Unspecified vulnerability in Mambo 4.5 (1.0.0) through 4.5 (1.0.9), with magic_quotes_gpc disabled, allows remote attackers to read arbitrary files and possibly cause a denial of service via a query string that ends with a NULL character. | ||||
| CVE-2006-4296 | 1 Mambo | 1 Bigape-backup Component | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in classes/Tar.php in bigAPE-Backup component (com_babackup) for Mambo 1.1 allows remote attackers to include arbitrary files via the mosConfig_absolute_path parameter. | ||||
| CVE-2006-4270 | 1 Mambo | 1 Mambelfish Component | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in mambelfish.class.php in the mambelfish component (com_mambelfish) 1.1 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | ||||
| CVE-2006-4280 | 1 Mambo | 1 Anjel Component | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in anjel.index.php in ANJEL (formerly MaMML) Component (com_anjel) for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this issue has been disputed by a third party, who says that $mosConfig_absolute_path is set in a configuration file | ||||