Filtered by vendor Mambo Subscriptions
Total 123 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2008-0721 1 Mambo 1 Com Sermon 2026-04-23 N/A
SQL injection vulnerability in index.php in the Sermon (com_sermon) 0.2 component for Mambo allows remote attackers to execute arbitrary SQL commands via the gid parameter.
CVE-2008-0746 2 Joomla, Mambo 2 Com Gallery, Com Gallery 2026-04-23 N/A
SQL injection vulnerability in index.php in the Gallery (com_gallery) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.
CVE-2008-0817 2 Joomla, Mambo 2 Com Filebase Component, Com Filebase Component 2026-04-23 N/A
SQL injection vulnerability in the com_filebase component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the filecatid parameter in a selectfolder action.
CVE-2008-0855 2 Joomla, Mambo 2 Com Facileforms, Com Facileforms 2026-04-23 N/A
SQL injection vulnerability in the Facile Forms (com_facileforms) component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
CVE-2008-2500 1 Mambo 1 Mostlyce 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the MOStlyContent Editor (MOStlyCE) component before 3.0 for Mambo allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-6455 1 Mambo 1 Mambo 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Mambo 4.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Itemid parameter in a com_frontpage option and the (2) option parameter.
CVE-2009-0726 3 Gigcalendar, Joomla, Mambo 3 Com Gigcalendar, Joomla, Mambo 2026-04-23 N/A
SQL injection vulnerability in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the gigcal_gigs_id parameter in a details action to index.php.
CVE-2006-6634 1 Mambo 1 Extcalthai Module 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in the ExtCalThai (com_extcalendar) 0.9.1 and earlier component for Mambo allow remote attackers to execute arbitrary PHP code via a URL in (1) the CONFIG_EXT[LANGUAGES_DIR] parameter to admin_events.php, (2) the mosConfig_absolute_path parameter to extcalendar.php, or (3) the CONFIG_EXT[LIB_DIR] parameter to lib/mail.inc.php.
CVE-2008-0517 3 Darko Selesi, Joomla, Mambo 3 Estateagent, Joomla, Mambo 2026-04-23 N/A
SQL injection vulnerability in index.php in the Darko Selesi EstateAgent (com_estateagent) 0.1 component for Mambo 4.5.x and Joomla! allows remote attackers to execute arbitrary SQL commands via the objid parameter in a contact showObject action.
CVE-2009-0706 3 Joomla, Mambo, Simple-review 3 Joomla, Mambo, Com Simple Review 2026-04-23 N/A
SQL injection vulnerability in the Simple Review (com_simple_review) component 1.3.5 for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the category parameter to index.php.
CVE-2008-5226 3 Joomla, Mambads, Mambo 3 Joomla, Mambads, Mambo 2026-04-23 N/A
SQL injection vulnerability in the MambAds (com_mambads) component 1.0 RC1 Beta and 1.0 RC1 for Mambo allows remote attackers to execute arbitrary SQL commands via the ma_cat parameter in a view action to index.php, a different vector than CVE-2007-5177.
CVE-2006-7202 1 Mambo 1 Mambo Open Source 2026-04-23 N/A
The dofreePDF function in includes/pdf.php in Mambo 4.6.1 does not properly check access rights for database content, which allows remote attackers to read certain content via unspecified vectors.
CVE-2008-0261 1 Mambo 1 Mambo Open Source 2026-04-23 N/A
Unspecified vulnerability in the search component and module in Mambo 4.5.x and 4.6.x allows remote attackers to cause a denial of service (query flood) via unspecified vectors.
CVE-2006-7104 1 Mambo 1 Mostlyce 2026-04-23 N/A
PHP remote file inclusion vulnerability in htmltemplate.php in the Chad Auld MOStlyContent Editor (MOStlyCE) as created on May 2006, a component for Mambo 4.5.4, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2006-7150 1 Mambo 1 Mambo Open Source 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Mambo 4.6.x allow remote attackers to execute arbitrary SQL commands via the mcname parameter to (1) moscomment.php and (2) com_comment.php.
CVE-2008-0810 2 Joomla, Mambo 2 Com Scheduling Component, Com Scheduling Component 2026-04-23 N/A
SQL injection vulnerability in the com_scheduling module for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-2005 2 Joomla, Mambo 2 Taskhopper Component, Taskhopper Component 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in the Taskhopper 1.1 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) contact_type.php, (2) itemstatus_type.php, (3) projectstatus_type.php, (4) request_type.php, (5) responses_type.php, (6) timelog_type.php, or (7) urgency_type.php in inc/.
CVE-2008-0849 2 Joomla, Mambo 2 Com Downloads, Com Downloads 2026-04-23 N/A
SQL injection vulnerability in index.php in the Downloads (com_downloads) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a selectcat function, a different vector than CVE-2008-0652.
CVE-2007-4505 2 Mambo, Mamboserver 2 Remository, Mambo 2026-04-23 N/A
SQL injection vulnerability in index.php in the RemoSitory component (com_remository) for Mambo allows remote attackers to execute arbitrary SQL commands via the cat parameter in a selectcat action.
CVE-2008-0772 2 Joomla, Mambo 2 Com Doc, Com Doc 2026-04-23 N/A
SQL injection vulnerability in index.php in the com_doc component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the sid parameter in a view task.