Mambo Mambo Open Source — known CVE vulnerabilities
Every CVE whose affected-product data names Mambo Mambo Open Source, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2007-4203 — CVSS 9.3 (critical): Session fixation vulnerability in Mambo 4.6.2 CMS allows remote attackers to hijack web sessions by setting the Cookie parameter.
CVE-2006-7202 — CVSS 7.8 (high): The dofreePDF function in includes/pdf.php in Mambo 4.6.1 does not properly check access rights for database content, which allows remote…
CVE-2006-7150 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in Mambo 4.6.x allow remote attackers to execute arbitrary SQL commands via the mcname parameter to…
CVE-2004-2072 — CVSS 6.8 (medium): Cross-site scripting (XSS) vulnerability in index.php for Mambo Open Source 4.6, and possibly earlier versions, allows remote attackers to…
CVE-2008-0261 — CVSS 5.0 (medium): Unspecified vulnerability in the search component and module in Mambo 4.5.x and 4.6.x allows remote attackers to cause a denial of service…
CVE-2004-1692 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in index.php in Mambo 4.5 (1.0.9) allows remote attackers to inject arbitrary web script or HTML…
CVE-2004-1825 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in index.php in Mambo Open Source 4.5 stable 1.0.3 and earlier allows remote attackers to inject…