Known Vulnerabilities for products from Mambo-foundation
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Mambo-foundation".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2013-2565 json | A vulnerability in Mambo CMS v4.6.5 where the scripts thumbs.php, editorFrame.php, editor.php, images.php, manager.php disclo... | 5.3 - MEDIUM | 2019-02-15 | 2019-04-15 |
| CVE-2013-2564 json | Mambo CMS 4.6.5 allows remote attackers to cause a denial of service (memory and bandwidth consumption) by uploading a crafte... | 5 - MEDIUM | 2014-06-09 | 2014-06-24 |
| CVE-2013-2563 json | Mambo CMS 4.6.5 uses world-readable permissions on configuration.php, which allows local users to obtain the admin password h... | 2.1 - LOW | 2014-06-09 | 2014-06-24 |
| CVE-2013-2562 json | Mambo CMS 4.6.5 stores the MySQL database password in cleartext in the document root, which allows local users to obtain sens... | 2.1 - LOW | 2014-06-09 | 2014-06-24 |
| CVE-2011-3754 json | Mambo 4.6.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the in... | 5 - MEDIUM | 2011-09-23 | 2012-03-12 |
| CVE-2011-2917 json | SQL injection vulnerability in administrator/index2.php in Mambo CMS 4.6.5 and earlier allows remote attackers to execute arb... | 7.5 - HIGH | 2011-12-08 | 2011-12-09 |
| CVE-2011-2499 json | Mambo CMS through 4.6.5 has multiple XSS. | 6.1 - MEDIUM | 2020-02-12 | 2020-02-24 |
| CVE-2010-4944 json | SQL injection vulnerability in the Elite Experts (com_elite_experts) component for Mambo and Joomla! allows remote attackers ... | 7.5 - HIGH | 2011-10-09 | 2017-08-29 |
| CVE-2009-4579 json | Cross-site scripting (XSS) vulnerability in the Artist avenue (com_artistavenue) component for Joomla! and Mambo allows remot... | Not Provided | 2010-01-06 | 2026-04-23 |
| CVE-2009-4578 json | Cross-site scripting (XSS) vulnerability in the Facileforms (com_facileforms) component for Joomla! and Mambo allows remote a... | Not Provided | 2010-01-06 | 2026-04-23 |
| CVE-2009-4474 json | SQL injection vulnerability in the Mike de Boer zoom (com_zoom) component 2.0 for Mambo allows remote attackers to execute ar... | Not Provided | 2009-12-30 | 2026-04-23 |
| CVE-2009-4199 json | Multiple SQL injection vulnerabilities in the Mambo Resident (aka Mos Res or com_mosres) component 1.0f for Mambo and Joomla!... | Not Provided | 2009-12-04 | 2026-04-23 |
| CVE-2009-0380 json | SQL injection vulnerability in the Sigsiu Online Business Index 2 (SOBI2, com_sobi2) RC 2.8.2 component for Joomla! and Mambo... | Not Provided | 2009-02-02 | 2026-04-23 |
| CVE-2008-7215 json | The Image Manager in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to rename arbitrary fil... | Not Provided | 2009-09-11 | 2026-04-23 |
| CVE-2008-7214 json | Cross-site request forgery (CSRF) vulnerability in administrator/index2.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 an... | Not Provided | 2009-09-11 | 2026-04-23 |
| CVE-2008-7213 json | Cross-site scripting (XSS) vulnerability in mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.p... | Not Provided | 2009-09-11 | 2026-04-23 |
| CVE-2008-7212 json | MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to obtain sensitive information via certain ... | Not Provided | 2009-09-11 | 2026-04-23 |
| CVE-2008-6481 json | SQL injection vulnerability in the Versioning component (com_versioning) 1.0.2 in Joomla! and Mambo allows remote attackers t... | Not Provided | 2009-03-17 | 2026-04-23 |
| CVE-2008-6234 json | SQL injection vulnerability in the com_musica module in Joomla! and Mambo allows remote attackers to execute arbitrary SQL co... | Not Provided | 2009-02-21 | 2026-04-23 |
| CVE-2008-4617 json | SQL injection vulnerability in the actualite module 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands... | Not Provided | 2008-10-20 | 2026-04-23 |
Known software with vulnerabilities from Mambo-foundation
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Mambo-foundation | Mambo Cms | 4.0.12 |