Mambo : Security Vulnerabilities, CVEs, Published In 2005

CVE-2005-4156

Unspecified vulnerability in Mambo 4.5 (1.0.0) through 4.5 (1.0.9), with magic_quotes_gpc disabled, allows remote attackers to read arbitrary files and possibly cause a denial of service via a query string that ends with a NULL character.
Max CVSS
9.4
EPSS Score
0.20%
Published
2005-12-11
Updated
2008-09-05

CVE-2005-3738

globals.php in Mambo Site Server 4.0.14 and earlier, when register_globals is disabled, allows remote attackers to overwrite variables in the GLOBALS array and conduct various attacks, as demonstrated using the mosConfig_absolute_path parameter to content.html.php for remote PHP file inclusion.
Max CVSS
2.6
EPSS Score
1.97%
Published
2005-11-22
Updated
2018-10-19

CVE-2005-3586

content.php in Mambo 4.5.2 through 4.5.2.3 allows remote attackers to obtain the installation path of the application via a URL that causes the application to return an error.
Max CVSS
5.0
EPSS Score
0.46%
Published
2005-11-16
Updated
2016-10-18

CVE-2005-2002

SQL injection vulnerability in content.php in Mambo 4.5.2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user_rating parameter.
Max CVSS
7.5
EPSS Score
1.20%
Published
2005-06-15
Updated
2016-10-18

CVE-2005-0512

PHP remote file inclusion vulnerability in Tar.php in Mambo 4.5.2 allows remote attackers to execute arbitrary PHP code by modifying the mosConfig_absolute_path parameter to reference a URL on a remote web server that contains the code, a different vulnerability than CVE-2004-1693.
Max CVSS
7.5
EPSS Score
0.51%
Published
2005-02-21
Updated
2008-09-05
5 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close