Mambo-Foundation: >> Mambo Cms Security Vulnerabilities
Mambo CMS through 4.6.5 has multiple XSS.
CVSS Score
6.1
EPSS Score
0.002
Published
2020-02-12
A vulnerability in Mambo CMS v4.6.5 where the scripts thumbs.php, editorFrame.php, editor.php, images.php, manager.php discloses the root path of the webserver.
CVSS Score
5.3
EPSS Score
0.003
Published
2019-02-15
Mambo CMS 4.6.5 stores the MySQL database password in cleartext in the document root, which allows local users to obtain sensitive information via unspecified vectors.
CVSS Score
2.1
EPSS Score
0.001
Published
2014-06-09
Mambo CMS 4.6.5 uses world-readable permissions on configuration.php, which allows local users to obtain the admin password hash by reading the file.
CVSS Score
2.1
EPSS Score
0.001
Published
2014-06-09
Mambo CMS 4.6.5 allows remote attackers to cause a denial of service (memory and bandwidth consumption) by uploading a crafted file.
CVSS Score
5.0
EPSS Score
0.005
Published
2014-06-09