Session fixation vulnerability in Mambo 4.6.2 CMS allows remote attackers to hijack web sessions by setting the Cookie parameter.
Max CVSS
9.3
EPSS Score
0.95%
Published
2007-08-08
Updated
2018-10-15
Multiple PHP remote file inclusion vulnerabilities in the SWmenu (com_swmenupro and com_swmenufree) 4.0 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to ImageManager/Classes/ImageManager.php under the (1) components/ or (2) administrator/components/ directory trees.
Max CVSS
10.0
EPSS Score
12.88%
Published
2007-03-27
Updated
2017-10-11
Multiple PHP remote file inclusion vulnerabilities in the NFN Address Book (com_nfn_addressbook) 0.4 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) components/com_nfn_addressbook/nfnaddressbook.php or (2) administrator/components/com_nfn_addressbook/nfnaddressbook.php.
Max CVSS
9.3
EPSS Score
9.84%
Published
2007-03-22
Updated
2017-10-11
Unspecified vulnerability in Mambo 4.5 (1.0.0) through 4.5 (1.0.9), with magic_quotes_gpc disabled, allows remote attackers to read arbitrary files and possibly cause a denial of service via a query string that ends with a NULL character.
Max CVSS
9.4
EPSS Score
0.20%
Published
2005-12-11
Updated
2008-09-05
Mambo Site Server 4.0.11 installs with a default username and password of admin, which allows remote attackers to gain privileges.
Max CVSS
10.0
EPSS Score
0.58%
Published
2002-12-31
Updated
2017-07-29
index2.php in Mambo Site Server 3.0.0 through 3.0.5 allows remote attackers to gain Mambo administrator privileges by setting the PHPSESSID parameter and providing the appropriate administrator information in other parameters.
Max CVSS
10.0
EPSS Score
1.23%
Published
2001-07-25
Updated
2017-10-10
6 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!