Shodan
Vulnerabilities
Vulnerable Software
Mambo-Foundation:  Security Vulnerabilities
CVE-2011-2499
Mambo CMS through 4.6.5 has multiple XSS.
CVSS Score
6.1
EPSS Score
0.002
Published
2020-02-12
CVE-2013-2565
A vulnerability in Mambo CMS v4.6.5 where the scripts thumbs.php, editorFrame.php, editor.php, images.php, manager.php discloses the root path of the webserver.
CVSS Score
5.3
EPSS Score
0.003
Published
2019-02-15
CVE-2013-2562
Mambo CMS 4.6.5 stores the MySQL database password in cleartext in the document root, which allows local users to obtain sensitive information via unspecified vectors.
CVSS Score
2.1
EPSS Score
0.001
Published
2014-06-09
CVE-2013-2563
Mambo CMS 4.6.5 uses world-readable permissions on configuration.php, which allows local users to obtain the admin password hash by reading the file.
CVSS Score
2.1
EPSS Score
0.001
Published
2014-06-09
CVE-2013-2564
Mambo CMS 4.6.5 allows remote attackers to cause a denial of service (memory and bandwidth consumption) by uploading a crafted file.
CVSS Score
5.0
EPSS Score
0.005
Published
2014-06-09
CVE-2006-7247
SQL injection vulnerability in the Weblinks (com_weblinks) component for Joomla! and Mambo 1.0.9 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter.
CVSS Score
7.5
EPSS Score
0.0
Published
2012-09-06
CVE-2011-2917
SQL injection vulnerability in administrator/index2.php in Mambo CMS 4.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the zorder parameter.
CVSS Score
7.5
EPSS Score
0.009
Published
2011-12-08
CVE-2010-4944
SQL injection vulnerability in the Elite Experts (com_elite_experts) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showExpertProfileDetailed action to index.php.
CVSS Score
7.5
EPSS Score
0.0
Published
2011-10-09
CVE-2011-3754
Mambo 4.6.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/sef.php and certain other files.
CVSS Score
5.0
EPSS Score
0.003
Published
2011-09-23
CVE-2009-4578
Cross-site scripting (XSS) vulnerability in the Facileforms (com_facileforms) component for Joomla! and Mambo allows remote attackers to inject arbitrary web script or HTML via the Itemid parameter to index.php.
CVSS Score
4.3
EPSS Score
0.015
Published
2010-01-06


Products
Pricing
Contact Us

Shodan ® - All rights reserved