Mambo: >> Mambo Open Source >> 4.6.1 Security Vulnerabilities
The dofreePDF function in includes/pdf.php in Mambo 4.6.1 does not properly check access rights for database content, which allows remote attackers to read certain content via unspecified vectors.
CVSS Score
7.8
EPSS Score
0.003
Published
2007-05-09
Multiple SQL injection vulnerabilities in Mambo 4.6.x allow remote attackers to execute arbitrary SQL commands via the mcname parameter to (1) moscomment.php and (2) com_comment.php.
CVSS Score
7.5
EPSS Score
0.005
Published
2007-03-07