Mambo Mambo Site Server — known CVE vulnerabilities
Every CVE whose affected-product data names Mambo Mambo Site Server, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2002-2290 — CVSS 10.0 (critical): Mambo Site Server 4.0.11 installs with a default username and password of admin, which allows remote attackers to gain privileges.
CVE-2001-1011 — CVSS 10.0 (critical): index2.php in Mambo Site Server 3.0.0 through 3.0.5 allows remote attackers to gain Mambo administrator privileges by setting the PHPSESSID…
CVE-2002-1662 — CVSS 6.8 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site Server 4.0.11 allow remote attackers to execute arbitrary script on other…
CVE-2002-2247 — CVSS 5.0 (medium): The administrator/phpinfo.php script in Mambo Site Server 4.0.11 allows remote attackers to obtain sensitive information such as the full…
CVE-2007-4745 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in the AkoBook 3.42 and earlier component (com_akobook) for Mambo allow remote…
CVE-2003-1203 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in index.php for Mambo Site Server 4.0.10 allows remote attackers to execute script on other…
CVE-2005-3738 — CVSS 2.6 (low): globals.php in Mambo Site Server 4.0.14 and earlier, when register_globals is disabled, allows remote attackers to overwrite variables in…