Search Results (123 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-1297 3 Ewriting, Joomla, Mambo 3 Ewriting, Com Ewriting, Com Ewriting 2026-04-23 N/A
SQL injection vulnerability in index.php in the eWriting (com_ewriting) 1.2.1 module for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a selectcat action.
CVE-2008-0846 2 Joomla, Mambo 2 Com Profile, Com Profile 2026-04-23 N/A
SQL injection vulnerability in index.php in the com_profile component for Joomla! allows remote attackers to execute arbitrary SQL commands via the oid parameter.
CVE-2006-7202 1 Mambo 1 Mambo Open Source 2026-04-23 N/A
The dofreePDF function in includes/pdf.php in Mambo 4.6.1 does not properly check access rights for database content, which allows remote attackers to read certain content via unspecified vectors.
CVE-2007-1596 2 Joomla, Mambo 2 Nfn Address Book, Nfn Address Book 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in the NFN Address Book (com_nfn_addressbook) 0.4 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) components/com_nfn_addressbook/nfnaddressbook.php or (2) administrator/components/com_nfn_addressbook/nfnaddressbook.php.
CVE-2008-0721 1 Mambo 1 Com Sermon 2026-04-23 N/A
SQL injection vulnerability in index.php in the Sermon (com_sermon) 0.2 component for Mambo allows remote attackers to execute arbitrary SQL commands via the gid parameter.
CVE-2006-7150 1 Mambo 1 Mambo Open Source 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Mambo 4.6.x allow remote attackers to execute arbitrary SQL commands via the mcname parameter to (1) moscomment.php and (2) com_comment.php.
CVE-2008-1849 3 Joomla, Joomlacode, Mambo 3 Joomla, Joomlaexplorer, Mambo 2026-04-23 N/A
Directory traversal vulnerability in index.php in the joomlaXplorer (com_joomlaxplorer) Mambo/Joomla! component 1.6.2 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the dir parameter in a show_error action.
CVE-2008-2093 3 Joomla, Joomlapolis, Mambo 3 Com Comprofiler, Community Builder, Com Comprofiler 2026-04-23 N/A
SQL injection vulnerability in the Profiler (com_comprofiler) component in Community Builder for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the user parameter in a userProfile action to index.php.
CVE-2008-2500 1 Mambo 1 Mostlyce 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the MOStlyContent Editor (MOStlyCE) component before 3.0 for Mambo allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-0799 2 Joomla, Mambo 2 Com Quiz, Com Quiz 2026-04-23 N/A
SQL injection vulnerability in index.php in the Quiz (com_quiz) 0.81 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the tid parameter in a user_tst_shw action.
CVE-2008-5208 2 Joomla, Mambo 3 Com Datsogallery, Joomla, Mambo 2026-04-23 N/A
SQL injection vulnerability in sub_votepic.php in the Datsogallery (com_datsogallery) module 1.6 for Joomla! allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header.
CVE-2008-0773 3 Joomla, Mambo, Phil Taylor 4 Com Comments, Com Comments, Comments and 1 more 2026-04-23 N/A
SQL injection vulnerability in Phil Taylor Comments (com_comments, aka Review Script) 0.5.8.5g and earlier component for Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-0829 3 Joomla, Joomlapixel, Mambo 3 Joomla, Jooget, Mambo 2026-04-23 N/A
SQL injection vulnerability in jooget.php in the Joomlapixel Jooget! (com_jooget) 2.6.8 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail task.
CVE-2008-5226 3 Joomla, Mambads, Mambo 3 Joomla, Mambads, Mambo 2026-04-23 N/A
SQL injection vulnerability in the MambAds (com_mambads) component 1.0 RC1 Beta and 1.0 RC1 for Mambo allows remote attackers to execute arbitrary SQL commands via the ma_cat parameter in a view action to index.php, a different vector than CVE-2007-5177.
CVE-2008-6814 2 Jan De Graaff, Mambo 2 Com Simpleboard, Mambo 2026-04-23 N/A
Unrestricted file upload vulnerability in image_upload.php in the SimpleBoard (com_simpleboard) component 1.0.1 and earlier for Mambo allows remote attackers to execute arbitrary code by uploading a file with an executable extension and an image/jpeg content type, then accessing this file via a direct request to the file in components/com_simpleboard/, a different vulnerability than CVE-2006-3528.
CVE-2008-6653 3 Joomla, Mambo, Wh-com 3 Joomla, Mambo, Com Webhosting 2026-04-23 N/A
SQL injection vulnerability in webhosting.php in the Webhosting Component (com_webhosting) module before 1.1 RC7 for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
CVE-2008-0511 2 Joomla, Mambo 2 Com Mamml, Com Mamml 2026-04-23 N/A
SQL injection vulnerability in index.php in the MaMML (com_mamml) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter.
CVE-2008-0517 3 Darko Selesi, Joomla, Mambo 3 Estateagent, Joomla, Mambo 2026-04-23 N/A
SQL injection vulnerability in index.php in the Darko Selesi EstateAgent (com_estateagent) 0.1 component for Mambo 4.5.x and Joomla! allows remote attackers to execute arbitrary SQL commands via the objid parameter in a contact showObject action.
CVE-2008-0518 2 Joomla, Mambo 2 Com Recipes, Com Recipes 2026-04-23 N/A
SQL injection vulnerability in index.php in the Recipes (com_recipes) 1.00 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.
CVE-2008-0261 1 Mambo 1 Mambo Open Source 2026-04-23 N/A
Unspecified vulnerability in the search component and module in Mambo 4.5.x and 4.6.x allows remote attackers to cause a denial of service (query flood) via unspecified vectors.