Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2006-4375

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-26 Aug, 2006 | 01:00
Updated At-07 Aug, 2024 | 19:06
Rejected At-
Credits

PHP remote file inclusion vulnerability in contxtd.class.php in the Contacts XTD (ContXTD) component for Mambo (com_contxtd) allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: another researcher has disputed this issue, saying that the software prevents the attack by checking whether _VALID_MOS is defined

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:26 Aug, 2006 | 01:00
Updated At:07 Aug, 2024 | 19:06
Rejected At:
▼CVE Numbering Authority (CNA)

PHP remote file inclusion vulnerability in contxtd.class.php in the Contacts XTD (ContXTD) component for Mambo (com_contxtd) allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: another researcher has disputed this issue, saying that the software prevents the attack by checking whether _VALID_MOS is defined

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/archive/1/444063/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://securityreason.com/securityalert/1451
third-party-advisory
x_refsource_SREASON
http://www.osvdb.org/28091
vdb-entry
x_refsource_OSVDB
http://www.securityfocus.com/archive/1/443892/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://www.securityfocus.com/archive/1/444063/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://securityreason.com/securityalert/1451
Resource:
third-party-advisory
x_refsource_SREASON
Hyperlink: http://www.osvdb.org/28091
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://www.securityfocus.com/archive/1/443892/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/archive/1/444063/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://securityreason.com/securityalert/1451
third-party-advisory
x_refsource_SREASON
x_transferred
http://www.osvdb.org/28091
vdb-entry
x_refsource_OSVDB
x_transferred
http://www.securityfocus.com/archive/1/443892/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/444063/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://securityreason.com/securityalert/1451
Resource:
third-party-advisory
x_refsource_SREASON
x_transferred
Hyperlink: http://www.osvdb.org/28091
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/443892/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:26 Aug, 2006 | 21:04
Updated At:03 Apr, 2025 | 01:03

PHP remote file inclusion vulnerability in contxtd.class.php in the Contacts XTD (ContXTD) component for Mambo (com_contxtd) allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: another researcher has disputed this issue, saying that the software prevents the attack by checking whether _VALID_MOS is defined

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
MamboServer
mambo
>>contacts_xtd_component>>*
cpe:2.3:a:mambo:contacts_xtd_component:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://securityreason.com/securityalert/1451cve@mitre.org
N/A
http://www.osvdb.org/28091cve@mitre.org
N/A
http://www.securityfocus.com/archive/1/443892/100/0/threadedcve@mitre.org
N/A
http://www.securityfocus.com/archive/1/444063/100/0/threadedcve@mitre.org
N/A
http://securityreason.com/securityalert/1451af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.osvdb.org/28091af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/archive/1/443892/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/archive/1/444063/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://securityreason.com/securityalert/1451
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.osvdb.org/28091
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/443892/100/0/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/444063/100/0/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://securityreason.com/securityalert/1451
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.osvdb.org/28091
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/443892/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/444063/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

75Records found
CVE-2006-3263
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.51% / 65.88%
||
7 Day CHG~0.00%
Published-27 Jun, 2006 | 21:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the Weblinks module (weblinks.php) in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter.

Action-Not Available
Vendor-n/aMamboServer
Product-mambon/a
CVE-2006-7150
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.61% / 69.18%
||
7 Day CHG~0.00%
Published-07 Mar, 2007 | 20:00
Updated-07 Aug, 2024 | 20:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in Mambo 4.6.x allow remote attackers to execute arbitrary SQL commands via the mcname parameter to (1) moscomment.php and (2) com_comment.php.

Action-Not Available
Vendor-n/aMamboServer
Product-mambo_open_sourcen/a
CVE-2006-6634
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.67% / 87.64%
||
7 Day CHG~0.00%
Published-18 Dec, 2006 | 11:00
Updated-07 Aug, 2024 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple PHP remote file inclusion vulnerabilities in the ExtCalThai (com_extcalendar) 0.9.1 and earlier component for Mambo allow remote attackers to execute arbitrary PHP code via a URL in (1) the CONFIG_EXT[LANGUAGES_DIR] parameter to admin_events.php, (2) the mosConfig_absolute_path parameter to extcalendar.php, or (3) the CONFIG_EXT[LIB_DIR] parameter to lib/mail.inc.php.

Action-Not Available
Vendor-n/aMamboServer
Product-extcalthai_modulen/a
CVE-2006-7104
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.41% / 88.78%
||
7 Day CHG~0.00%
Published-03 Mar, 2007 | 21:00
Updated-07 Aug, 2024 | 20:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in htmltemplate.php in the Chad Auld MOStlyContent Editor (MOStlyCE) as created on May 2006, a component for Mambo 4.5.4, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

Action-Not Available
Vendor-n/aMamboServer
Product-mostlycen/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2006-4229
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.06% / 20.04%
||
7 Day CHG~0.00%
Published-18 Aug, 2006 | 19:55
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in archive.php in the mosListMessenger Component (com_lm) before 20060719 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

Action-Not Available
Vendor-n/aJoomla!MamboServer
Product-moslistmessenger_componentn/a
CVE-2006-4296
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-11.24% / 93.35%
||
7 Day CHG~0.00%
Published-23 Aug, 2006 | 01:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in classes/Tar.php in bigAPE-Backup component (com_babackup) for Mambo 1.1 allows remote attackers to include arbitrary files via the mosConfig_absolute_path parameter.

Action-Not Available
Vendor-n/aMamboServer
Product-bigape-backup_componentn/a
CVE-2006-4556
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.06% / 18.41%
||
7 Day CHG~0.00%
Published-06 Sep, 2006 | 00:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in index.php in the JIM component for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: another researcher has stated that the product distribution does not include an index.php file. Also, this might be related to CVE-2006-4242

Action-Not Available
Vendor-n/aJoomla!MamboServer
Product-jim_componentn/a
CVE-2006-4286
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.40% / 80.16%
||
7 Day CHG~0.00%
Published-22 Aug, 2006 | 17:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in contentpublisher.php in the contentpublisher component (com_contentpublisher) for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this issue has been disputed by third parties who state that contentpublisher.php protects against direct request in the most recent version. The original researcher is known to be frequently inaccurate

Action-Not Available
Vendor-n/aMamboServer
Product-mambon/a
CVE-2006-3262
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.80% / 87.83%
||
7 Day CHG~0.00%
Published-27 Jun, 2006 | 21:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the Weblinks module (weblinks.php) in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter.

Action-Not Available
Vendor-n/aMamboServer
Product-mambon/a
CVE-2006-3736
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-8.65% / 92.27%
||
7 Day CHG~0.00%
Published-19 Jul, 2006 | 23:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in core/videodb.class.xml.php in the VideoDB component for Mambo 0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

Action-Not Available
Vendor-n/aMamboServer
Product-videodbn/a
CVE-2006-3981
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.64% / 70.02%
||
7 Day CHG~0.00%
Published-05 Aug, 2006 | 00:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in about.mgm.php in Mambo Gallery Manager (MGM) 0.95r2 and earlier for Mambo 4.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.

Action-Not Available
Vendor-n/aMamboServer
Product-mambo_gallery_managern/a
CVE-2006-3843
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.82% / 85.87%
||
7 Day CHG~0.00%
Published-25 Jul, 2006 | 23:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in com_calendar.php in Calendar Mambo Module 1.5.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter.

Action-Not Available
Vendor-n/aMamboServer
Product-mambo_calendarn/a
CVE-2008-0511
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.02% / 3.57%
||
7 Day CHG~0.00%
Published-31 Jan, 2008 | 19:30
Updated-07 Aug, 2024 | 07:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in index.php in the MaMML (com_mamml) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter.

Action-Not Available
Vendor-n/aJoomla!MamboServer
Product-com_mammln/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2005-2002
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.34% / 79.75%
||
7 Day CHG~0.00%
Published-20 Jun, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in content.php in Mambo 4.5.2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user_rating parameter.

Action-Not Available
Vendor-n/aMamboServer
Product-mambon/a
CVE-2005-0512
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.75% / 72.78%
||
7 Day CHG~0.00%
Published-23 Feb, 2005 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in Tar.php in Mambo 4.5.2 allows remote attackers to execute arbitrary PHP code by modifying the mosConfig_absolute_path parameter to reference a URL on a remote web server that contains the code, a different vulnerability than CVE-2004-1693.

Action-Not Available
Vendor-n/aMamboServer
Product-mambon/a
CVE-2004-2143
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.24% / 84.25%
||
7 Day CHG~0.00%
Published-30 Jun, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the ReMOSitory Server add-on module to Mambo Portal 4.5.1 (1.09) and earlier allows remote attackers to execute arbitrary SQL commands via the filecatid parameter in the com_remository option.

Action-Not Available
Vendor-n/aMamboServer
Product-mambo_portaln/a
CVE-2004-1826
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.68% / 71.13%
||
7 Day CHG~0.00%
Published-10 May, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in index.php in Mambo Open Source 4.5 stable 1.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

Action-Not Available
Vendor-n/aMamboServer
Product-mambo_open_source_4.5n/a
CVE-2004-1693
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-9.52% / 92.67%
||
7 Day CHG~0.00%
Published-20 Feb, 2005 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in Function.php in Mambo 4.5 (1.0.9) allows remote attackers to execute arbitrary PHP code by modifying the mosConfig_absolute_path parameter to reference a URL on a remote web server that contains the code.

Action-Not Available
Vendor-n/aMamboServer
Product-mambon/a
CVE-2009-3333
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.86% / 74.69%
||
7 Day CHG~0.00%
Published-23 Sep, 2009 | 10:00
Updated-07 Aug, 2024 | 06:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in koesubmit.php in the koeSubmit (com_koesubmit) component 1.0 for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

Action-Not Available
Vendor-alibastan/aMamboServer
Product-com_koesubmitmambon/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2009-0706
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.36% / 57.72%
||
7 Day CHG~0.00%
Published-23 Feb, 2009 | 15:00
Updated-07 Aug, 2024 | 04:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the Simple Review (com_simple_review) component 1.3.5 for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the category parameter to index.php.

Action-Not Available
Vendor-simple-reviewn/aJoomla!MamboServer
Product-joomlacom_simple_reviewmambon/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-0726
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.13% / 32.20%
||
7 Day CHG~0.00%
Published-24 Feb, 2009 | 23:00
Updated-07 Aug, 2024 | 04:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the gigcal_gigs_id parameter in a details action to index.php.

Action-Not Available
Vendor-gigcalendarn/aJoomla!MamboServer
Product-com_gigcalendarjoomlamambon/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-0846
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.01% / 0.33%
||
7 Day CHG~0.00%
Published-20 Feb, 2008 | 21:00
Updated-16 Sep, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in index.php in the com_profile component for Joomla! allows remote attackers to execute arbitrary SQL commands via the oid parameter.

Action-Not Available
Vendor-n/aJoomla!MamboServer
Product-com_profilen/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-3434
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.20% / 42.19%
||
7 Day CHG~0.00%
Published-28 Sep, 2009 | 22:00
Updated-07 Aug, 2024 | 06:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the Tupinambis (com_tupinambis) component 1.0 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the proyecto parameter in a verproyecto action to index.php.

Action-Not Available
Vendor-onestopjoomlan/aJoomla!MamboServer
Product-com_tupinambisjoomlamambon/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-6653
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.20% / 41.54%
||
7 Day CHG~0.00%
Published-07 Apr, 2009 | 10:00
Updated-07 Aug, 2024 | 11:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in webhosting.php in the Webhosting Component (com_webhosting) module before 1.1 RC7 for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.

Action-Not Available
Vendor-wh-comn/aJoomla!MamboServer
Product-joomlamambocom_webhostingn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-5208
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.03% / 6.90%
||
7 Day CHG~0.00%
Published-24 Nov, 2008 | 17:00
Updated-07 Aug, 2024 | 10:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in sub_votepic.php in the Datsogallery (com_datsogallery) module 1.6 for Joomla! allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header.

Action-Not Available
Vendor-n/aJoomla!MamboServer
Product-joomlacom_datsogallerymambon/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-0799
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.02% / 3.57%
||
7 Day CHG~0.00%
Published-15 Feb, 2008 | 21:00
Updated-07 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in index.php in the Quiz (com_quiz) 0.81 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the tid parameter in a user_tst_shw action.

Action-Not Available
Vendor-n/aJoomla!MamboServer
Product-com_quizn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-0773
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.02% / 5.36%
||
7 Day CHG~0.00%
Published-13 Feb, 2008 | 23:00
Updated-07 Aug, 2024 | 07:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in Phil Taylor Comments (com_comments, aka Review Script) 0.5.8.5g and earlier component for Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter.

Action-Not Available
Vendor-phil_taylorn/aJoomla!MamboServer
Product-commentscom_commentsreview_scriptn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-5643
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.03% / 6.61%
||
7 Day CHG~0.00%
Published-17 Dec, 2008 | 18:00
Updated-07 Aug, 2024 | 11:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the Books (com_books) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the book_id parameter in a book_details action to index.php.

Action-Not Available
Vendor-n/aJoomla!MamboServer
Product-com_booksjoomlamambon/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-5226
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.48% / 64.58%
||
7 Day CHG~0.00%
Published-25 Nov, 2008 | 19:00
Updated-07 Aug, 2024 | 10:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the MambAds (com_mambads) component 1.0 RC1 Beta and 1.0 RC1 for Mambo allows remote attackers to execute arbitrary SQL commands via the ma_cat parameter in a view action to index.php, a different vector than CVE-2007-5177.

Action-Not Available
Vendor-mambadsn/aJoomla!MamboServer
Product-joomlamambadsmambon/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-5200
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.02% / 6.16%
||
7 Day CHG~0.00%
Published-21 Nov, 2008 | 17:00
Updated-07 Aug, 2024 | 10:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the Xe webtv (com_xewebtv) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.

Action-Not Available
Vendor-n/aJoomla!MamboServer
Product-joomlacom_xewebtvmambon/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-4777
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.01% / 0.28%
||
7 Day CHG~0.00%
Published-29 Oct, 2008 | 14:00
Updated-07 Aug, 2024 | 10:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the Showroom Joomlearn LMS (com_lms) component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the cat parameter in a showTests task.

Action-Not Available
Vendor-n/aJoomla!MamboServer
Product-joomlamambocom_lmsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-2990
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.26% / 49.45%
||
7 Day CHG~0.00%
Published-02 Jul, 2008 | 17:00
Updated-07 Aug, 2024 | 09:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in facileforms.frame.php in the FacileForms (com_facileforms) component 1.4.4 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the ff_compath parameter.

Action-Not Available
Vendor-n/aJoomla!MamboServer
Product-com_facileformsjoomlan/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2008-0686
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.02% / 4.75%
||
7 Day CHG~0.00%
Published-12 Feb, 2008 | 00:00
Updated-07 Aug, 2024 | 07:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in index.php in the NeoReferences (com_neoreferences) 1.3.1 and 1.3.3 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter.

Action-Not Available
Vendor-n/aJoomla!MamboServer
Product-com_neoreferencesn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-0772
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.02% / 5.36%
||
7 Day CHG~0.00%
Published-13 Feb, 2008 | 23:00
Updated-07 Aug, 2024 | 07:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in index.php in the com_doc component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the sid parameter in a view task.

Action-Not Available
Vendor-n/aJoomla!MamboServer
Product-com_docn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-0752
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.02% / 3.57%
||
7 Day CHG~0.00%
Published-13 Feb, 2008 | 19:00
Updated-07 Aug, 2024 | 07:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in index.php in the Neogallery (com_neogallery) 1.1 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a show action.

Action-Not Available
Vendor-n/aJoomla!MamboServer
Product-com_neogalleryn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-0829
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.02% / 5.32%
||
7 Day CHG~0.00%
Published-19 Feb, 2008 | 21:00
Updated-07 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in jooget.php in the Joomlapixel Jooget! (com_jooget) 2.6.8 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail task.

Action-Not Available
Vendor-joomlapixeln/aJoomla!MamboServer
Product-joogetjoomlamambon/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-2095
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.01% / 0.47%
||
7 Day CHG~0.00%
Published-06 May, 2008 | 16:00
Updated-07 Aug, 2024 | 08:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in index.php in the FlippingBook (com_flippingbook) 1.0.4 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the book_id parameter.

Action-Not Available
Vendor-page-flip-toolsn/aJoomla!MamboServer
Product-com_flippingbookflipping_bookn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-2093
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.02% / 4.19%
||
7 Day CHG~0.00%
Published-06 May, 2008 | 16:00
Updated-07 Aug, 2024 | 08:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the Profiler (com_comprofiler) component in Community Builder for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the user parameter in a userProfile action to index.php.

Action-Not Available
Vendor-joomlapolisn/aJoomla!MamboServer
Product-com_comprofilercommunity_buildern/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2007-0374
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.02% / 4.03%
||
7 Day CHG~0.00%
Published-19 Jan, 2007 | 23:00
Updated-07 Aug, 2024 | 12:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in (1) Joomla! 1.0.11 and 1.5 Beta, and (2) Mambo 4.6.1, allows remote attackers to execute arbitrary SQL commands via the id parameter when cancelling content editing.

Action-Not Available
Vendor-n/aJoomla!MamboServer
Product-joomlamambon/a
CVE-2008-0652
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.01% / 2.10%
||
7 Day CHG~0.00%
Published-07 Feb, 2008 | 20:00
Updated-07 Aug, 2024 | 07:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in index.php in the Downloads (com_downloads) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the filecatid parameter in a selectfolder action.

Action-Not Available
Vendor-n/aJoomla!MamboServer
Product-com_downloadsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-0817
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.01% / 0.69%
||
7 Day CHG~0.00%
Published-19 Feb, 2008 | 01:00
Updated-07 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the com_filebase component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the filecatid parameter in a selectfolder action.

Action-Not Available
Vendor-n/aJoomla!MamboServer
Product-com_filebase_componentn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-1459
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.48% / 64.84%
||
7 Day CHG~0.00%
Published-24 Mar, 2008 | 18:00
Updated-07 Aug, 2024 | 08:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the Alberghi (com_alberghi) 2.1.3 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.

Action-Not Available
Vendor-mamboitaliajoomlaitalian/aJoomla!MamboServer
Product-joomlamambocom_alberghin/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-1460
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.34% / 56.20%
||
7 Day CHG~0.00%
Published-24 Mar, 2008 | 18:00
Updated-07 Aug, 2024 | 08:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the Joovideo (com_joovideo) 1.0 and 1.2.2 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.

Action-Not Available
Vendor-joomlapixeln/aJoomla!MamboServer
Product-mambojoomlacom_joovideon/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-1297
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.02% / 4.75%
||
7 Day CHG~0.00%
Published-12 Mar, 2008 | 17:00
Updated-07 Aug, 2024 | 08:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in index.php in the eWriting (com_ewriting) 1.2.1 module for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a selectcat action.

Action-Not Available
Vendor-ewritingn/aJoomla!MamboServer
Product-ewritingcom_ewritingn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-0849
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.01% / 1.06%
||
7 Day CHG~0.00%
Published-21 Feb, 2008 | 00:00
Updated-07 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in index.php in the Downloads (com_downloads) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a selectcat function, a different vector than CVE-2008-0652.

Action-Not Available
Vendor-n/aJoomla!MamboServer
Product-com_downloadsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-0603
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.01% / 2.10%
||
7 Day CHG~0.00%
Published-06 Feb, 2008 | 11:00
Updated-07 Aug, 2024 | 07:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in index.php in the amazOOP Awesom! (com_awesom) 0.3.2component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter in a viewlist task.

Action-Not Available
Vendor-amazoopn/aJoomla!MamboServer
Product-com_awesomawesomn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-0746
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.02% / 3.57%
||
7 Day CHG~0.00%
Published-13 Feb, 2008 | 19:00
Updated-07 Aug, 2024 | 07:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in index.php in the Gallery (com_gallery) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.

Action-Not Available
Vendor-n/aJoomla!MamboServer
Product-com_galleryn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-0854
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.01% / 2.23%
||
7 Day CHG~0.00%
Published-21 Feb, 2008 | 00:00
Updated-07 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the com_salesrep component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the rid parameter in a showrep action to index.php.

Action-Not Available
Vendor-n/aJoomla!MamboServer
Product-com_salesrepn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-0853
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.01% / 0.55%
||
7 Day CHG~0.00%
Published-21 Feb, 2008 | 00:00
Updated-07 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the com_detail component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. NOTE: this issue might be site-specific. If so, it should not be included in CVE.

Action-Not Available
Vendor-n/aJoomla!MamboServer
Product-com_detailn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-0606
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.02% / 3.57%
||
7 Day CHG~0.00%
Published-06 Feb, 2008 | 11:00
Updated-07 Aug, 2024 | 07:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in index.php in the Shambo2 (com_shambo2) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter.

Action-Not Available
Vendor-phil_taylorn/aJoomla!MamboServer
Product-com_shambo2shambo2n/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
  • Previous
  • 1
  • 2
  • Next
Details not found