Mambo-foundation Mambo — known CVE vulnerabilities
Every CVE whose affected-product data names Mambo-foundation Mambo, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2011-2917 — CVSS 7.5 (high): SQL injection vulnerability in administrator/index2.php in Mambo CMS 4.6.5 and earlier allows remote attackers to execute arbitrary SQL…
CVE-2008-2498 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in index.php in Mambo before 4.6.4, when magic_quotes_gpc is disabled, allow remote attackers to…
CVE-2008-7214 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in administrator/index2.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier…
CVE-2008-7215 — CVSS 5.8 (medium): The Image Manager in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to rename arbitrary files and cause a…
CVE-2006-1957 — CVSS 5.0 (medium): The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows remote attackers to cause a denial of service (disk consumption and…
CVE-2008-2497 — CVSS 5.0 (medium): CRLF injection vulnerability in Mambo before 4.6.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response…
CVE-2008-7212 — CVSS 5.0 (medium): MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to obtain sensitive information via certain requests to…
CVE-2011-3754 — CVSS 5.0 (medium): Mambo 4.6.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation…
CVE-2008-7213 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php in MOStlyCE…