Mambo: Security Vulnerabilities, CVEs, Published in 2005
Unspecified vulnerability in Mambo 4.5 (1.0.0) through 4.5 (1.0.9), with magic_quotes_gpc disabled, allows remote attackers to read arbitrary files and possibly cause a denial of service via a query string that ends with a NULL character.
Max CVSS: 9.4; EPSS Score: 0.20%; Published: 2005-12-11; Updated: 2008-09-05
globals.php in Mambo Site Server 4.0.14 and earlier, when register_globals is disabled, allows remote attackers to overwrite variables in the GLOBALS array and conduct various attacks, as demonstrated using the mosConfig_absolute_path parameter to content.html.php for remote PHP file inclusion.
Max CVSS: 2.6; EPSS Score: 1.97%; Published: 2005-11-22; Updated: 2018-10-19
content.php in Mambo 4.5.2 through 4.5.2.3 allows remote attackers to obtain the installation path of the application via a URL that causes the application to return an error.
Max CVSS: 5.0; EPSS Score: 0.46%; Published: 2005-11-16; Updated: 2016-10-18
SQL injection vulnerability in content.php in Mambo 4.5.2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user_rating parameter.
Max CVSS: 7.5; EPSS Score: 1.20%; Published: 2005-06-15; Updated: 2016-10-18
PHP remote file inclusion vulnerability in Tar.php in Mambo 4.5.2 allows remote attackers to execute arbitrary PHP code by modifying the mosConfig_absolute_path parameter to reference a URL on a remote web server that contains the code, a different vulnerability than CVE-2004-1693.
Max CVSS: 7.5; EPSS Score: 0.51%; Published: 2005-02-21; Updated: 2008-09-05
5 vulnerabilities found