CVE Tools

mambo-foundation

Web & CMS Pluginsoss-project

11

Cumulative CVEs

5

Monthly snapshots

#28

Peak rank

Top products

Latest CVEs

The 15 most recently published vulnerabilities affecting mambo-foundation.

CVE-2011-2499Mambo CMS through 4.6.5 has multiple XSS.6.1Feb 12, 2020
CVE-2013-2565A vulnerability in Mambo CMS v4.6.5 where the scripts thumbs.php, editorFrame.php, editor.php, images.php, manager.php discloses the root path of the webserver.5.3Feb 15, 2019
CVE-2013-2564Mambo CMS 4.6.5 allows remote attackers to cause a denial of service (memory and bandwidth consumption) by uploading a crafted file.5.0Jun 9, 2014
CVE-2013-2563Mambo CMS 4.6.5 uses world-readable permissions on configuration.php, which allows local users to obtain the admin password hash by reading the file.2.1Jun 9, 2014
CVE-2013-2562Mambo CMS 4.6.5 stores the MySQL database password in cleartext in the document root, which allows local users to obtain sensitive information via unspecified vectors.2.1Jun 9, 2014
CVE-2011-2917SQL injection vulnerability in administrator/index2.php in Mambo CMS 4.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the zorder parameter.7.5Dec 8, 2011
CVE-2011-3754Mambo 4.6.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/sef.php...5.0Sep 23, 2011
CVE-2008-7215The Image Manager in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to rename arbitrary files and cause a denial of service via modified file[NewFile][name], file[...5.8Sep 11, 2009
CVE-2008-7214Cross-site request forgery (CSRF) vulnerability in administrator/index2.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to hijack the authentication of admin...6.8Sep 11, 2009
CVE-2008-7213Cross-site scripting (XSS) vulnerability in mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows re...4.3Sep 11, 2009
CVE-2008-7212MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to obtain sensitive information via certain requests to mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/conne...5.0Sep 11, 2009
CVE-2008-6234SQL injection vulnerability in the com_musica module in Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.7.5Feb 21, 2009
CVE-2008-2498Multiple SQL injection vulnerabilities in index.php in Mambo before 4.6.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) articleid and (2) ...7.5May 28, 2008
CVE-2008-2497CRLF injection vulnerability in Mambo before 4.6.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.5.0May 28, 2008
CVE-2006-1957The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows remote attackers to cause a denial of service (disk consumption and possibly web-server outage) via multiple requests with different...5.0Apr 21, 2006