Mambo: >> Mambo Open Source >> 4.6 Security Vulnerabilities
Multiple SQL injection vulnerabilities in Mambo 4.6.x allow remote attackers to execute arbitrary SQL commands via the mcname parameter to (1) moscomment.php and (2) com_comment.php.
CVSS Score
7.5
EPSS Score
0.005
Published
2007-03-07
Cross-site scripting (XSS) vulnerability in index.php for Mambo Open Source 4.6, and possibly earlier versions, allows remote attackers to execute script on other clients via the Itemid parameter.
CVSS Score
6.8
EPSS Score
0.005
Published
2004-12-31