index2.php in Mambo Site Server 3.0.0 through 3.0.5 allows remote attackers to gain Mambo administrator privileges by setting the PHPSESSID parameter and providing the appropriate administrator information in other parameters.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mambo | mambo_site_server | 3.0.4 |
| mambo | mambo_site_server | 3.0 |
| mambo | mambo_site_server | 3.0.2 |
| mambo | mambo_site_server | 3.0.5 |
| mambo | mambo_site_server | 3.0.1 |
| mambo | mambo_site_server | 3.0.3 |
Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site Server 4.0.11 allow remote attackers to execute arbitrary script on other clients via (1) search.php and (2) the "Your name" field during account registration.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mambo | mambo_site_server | 4.0.11 |
The administrator/phpinfo.php script in Mambo Site Server 4.0.11 allows remote attackers to obtain sensitive information such as the full web root path via phpinfo.php, which calls the phpinfo function.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-16,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mambo | mambo_site_server | 4.0.11 |
Mambo Site Server 4.0.11 allows remote attackers to obtain the physical path of the server via an HTTP request to index.php with a parameter that does not exist, which causes the path to be leaked in an error message.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mambo | site_server | 4.0.11 |
Mambo Site Server 4.0.11 installs with a default username and password of admin, which allows remote attackers to gain privileges.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-255,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mambo | mambo_site_server | 4.0.11 |
Cross-site scripting (XSS) vulnerability in index.php for Mambo Site Server 4.0.10 allows remote attackers to execute script on other clients via the ?option parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mambo | mambo_site_server | 4.0.10 |
Cross-site scripting (XSS) vulnerability in index.php in Mambo 4.5 (1.0.9) allows remote attackers to inject arbitrary web script or HTML via the (1) Itemid, (2) mosmsg, or (3) limit parameters.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mambo | mambo_open_source | 4.5_1.0.9 |
PHP remote file inclusion vulnerability in Function.php in Mambo 4.5 (1.0.9) allows remote attackers to execute arbitrary PHP code by modifying the mosConfig_absolute_path parameter to reference a URL on a remote web server that contains the code.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mambo | mambo | 4.5_1.0.9 |
Cross-site scripting (XSS) vulnerability in index.php in Mambo Open Source 4.5 stable 1.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) return or (2) mos_change_template parameters.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mambo | mambo_open_source | 4.5_1.0.0 |
| mambo | mambo_open_source | 4.5_1.0.1 |
SQL injection vulnerability in index.php in Mambo Open Source 4.5 stable 1.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mambo | mambo_open_source_4.5 | 1.0.2 |
| mambo | mambo_open_source_4.5 | 1.0.3beta |
| mambo | mambo_open_source_4.5 | 1.0.3 |
| mambo | mambo_open_source_4.5 | 1.0.1 |
| mambo | mambo_open_source_4.5 | 1.0.0 |
Cross-site scripting (XSS) vulnerability in index.php for Mambo Open Source 4.6, and possibly earlier versions, allows remote attackers to execute script on other clients via the Itemid parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mambo | mambo_open_source | 4.6 |
SQL injection vulnerability in the ReMOSitory Server add-on module to Mambo Portal 4.5.1 (1.09) and earlier allows remote attackers to execute arbitrary SQL commands via the filecatid parameter in the com_remository option.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mambo | mambo_portal | * |
PHP remote file inclusion vulnerability in Tar.php in Mambo 4.5.2 allows remote attackers to execute arbitrary PHP code by modifying the mosConfig_absolute_path parameter to reference a URL on a remote web server that contains the code, a different vulnerability than CVE-2004-1693.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mambo | mambo | * |
SQL injection vulnerability in content.php in Mambo 4.5.2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user_rating parameter.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mambo | mambo | 4.5.0.2 |
| mambo | mambo | 4.5.1.3 |
| mambo | mambo | 4.5.1a |
| mambo | mambo | 4.5_1.0.9 |
| mambo | mambo | 4.5.2 |
| mambo | mambo | 4.5.2.2 |
content.php in Mambo 4.5.2 through 4.5.2.3 allows remote attackers to obtain the installation path of the application via a URL that causes the application to return an error.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mambo | mambo | 4.5.2.1 |
| mambo | mambo | 4.5.2 |
| mambo | mambo | 4.5.2.2 |
| mambo | mambo | 4.5.2.3 |
globals.php in Mambo Site Server 4.0.14 and earlier, when register_globals is disabled, allows remote attackers to overwrite variables in the GLOBALS array and conduct various attacks, as demonstrated using the mosConfig_absolute_path parameter to content.html.php for remote PHP file inclusion.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mambo | mambo_site_server | 4.0.12_beta_2 |
| mambo | mambo_site_server | 4.0.12 |
| mambo | mambo_site_server | 4.0.12_rc3 |
| mambo | mambo_site_server | 4.0.11 |
| mambo | mambo_site_server | 4.0.10 |
| mambo | mambo_site_server | 4.0 |
| mambo | mambo_site_server | 4.0.12_rc1 |
| mambo | mambo_site_server | 4.0.12_rc2 |
| mambo | mambo_site_server | 4.0.14 |
| mambo | mambo_site_server | 4.0.12_beta |
Unspecified vulnerability in Mambo 4.5 (1.0.0) through 4.5 (1.0.9), with magic_quotes_gpc disabled, allows remote attackers to read arbitrary files and possibly cause a denial of service via a query string that ends with a NULL character.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mambo | mambo_open_source_4.5 | 1.0.2 |
| mambo | mambo_open_source_4.5 | 1.0.3 |
| mambo | mambo_open_source_4.5 | 1.0.1 |
| mambo | mambo_open_source_4.5 | 1.0.0 |
| mambo | mambo_open_source_4.5 | 1.0.3_beta |
| mambo | mambo_open_source_4.5 | 1.0.9 |
Directory traversal vulnerability in the _setTemplate function in Mambo 4.5.3, 4.5.3h, and possibly earlier versions allows remote attackers to read and include arbitrary files via the mos_change_template parameter. NOTE: CVE-2006-1794 has been assigned to the SQL injection vector.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mambo | mambo | 4.5.3h |
SQL injection vulnerability in Mambo 4.5.3, 4.5.3h, and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via (1) the $username variable in the mosGetParam function and (2) the $task parameter in the mosMenuCheck function in (a) includes/mambo.php; and (3) the $filter variable to the showCategory function in the com_content component (content.php).
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mambo | mambo | 4.5_1.0.1 |
| mambo | mambo | 4.5_1.0.2 |
| mambo | mambo | 4.5.1a |
| mambo | mambo | 4.0.14 |
| mambo | mambo | 4.5_1.0.0 |
| mambo | mambo | 4.5_1.0.3_beta |
| mambo | mambo | 4.5.2.1 |
| mambo | mambo | 4.5.1_1.0.9 |
| mambo | mambo | * |
| mambo | mambo | 4.5.2 |
| mambo | mambo | 4.5.2.2 |
| mambo | mambo | 4.5.2.3 |
| mambo | mambo | 4.5.3h |
The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows remote attackers to obtain sensitive information via an invalid feed parameter, which reveals the path in an error message.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mambo | mambo | 4.5.3h |
| joomla | joomla | 1.0.7 |
SQL injection vulnerability in the Weblinks module (weblinks.php) in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mambo | mambo | * |
SQL injection vulnerability in the Weblinks module (weblinks.php) in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mambo | mambo | * |
PHP remote file inclusion vulnerability in core/videodb.class.xml.php in the VideoDB component for Mambo 0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mambo | videodb | 0.3 |
| mambo | videodb | 0.2 |
| mambo | videodb | 0.1 |
PHP remote file inclusion vulnerability in sitemap.xml.php in Sitemap component (com_sitemap) 2.0.0 for Mambo 4.5.1 CMS, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mambo | sitemap | 2.0.0 |
PHP remote file inclusion vulnerability in smf.php in the SMF-Forum 1.3.1.3 Bridge Component (com_smf) For Joomla! and Mambo 4.5.3+ allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mambo | smf-forum | 1.3.1.3_bridge_component |
Multiple PHP remote file inclusion vulnerabilities in the lmtg_myhomepage Component (com_lmtg_myhomepage) for Mambo allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) install.lmtg_homepage.php and (2) mtg_homepage.php. NOTE: this issue has been disputed by a third party, who states that the $mosConfig_absolute_path variable is only used within a function definition. CVE source code analysis on 20060824 is not conclusive but tends to concur with the dispute. In addition, it appears that the component name is actually "lmtg_myhomepage"
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mambo | mtg_myhomepage_component | * |
PHP remote file inclusion vulnerability in admin.x-shop.php in the x-shop component (com_x-shop) 1.7 and earlier for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this issue has been disputed by third party researchers, stating that there is no mosConfig_absolute_path parameter and no admin.x-shop.php file in the reported package
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joomla | x-shop_component | * |
| mambo | x-shop_component | * |
PHP remote file inclusion vulnerability in anjel.index.php in ANJEL (formerly MaMML) Component (com_anjel) for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this issue has been disputed by a third party, who says that $mosConfig_absolute_path is set in a configuration file
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mambo | anjel_component | * |
PHP remote file inclusion vulnerability in contentpublisher.php in the contentpublisher component (com_contentpublisher) for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this issue has been disputed by third parties who state that contentpublisher.php protects against direct request in the most recent version. The original researcher is known to be frequently inaccurate
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mambo | mambo | 4.5_1.0.1 |
| mambo | mambo | 4.5_1.0.2 |
| mambo | mambo | 4.5.0.2 |
| mambo | mambo | 4.5.1a |
| mambo | mambo | 4.0.14 |
| mambo | mambo | 4.5_1.0.0 |
| mambo | mambo | 4.5_1.0.3_beta |
| mambo | mambo | 4.6 |
| mambo | mambo | 4.5.2.1 |
| mambo | mambo | 4.5.1.3 |
| mambo | mambo | 4.5.1_1.0.9 |
| mambo | mambo | 4.5_1.0.9 |
| mambo | mambo | 4.5.2 |
| mambo | mambo | 4.5.2.2 |
| mambo | mambo | 4.5.2.3 |
| mambo | mambo | 4.5.3h |
PHP remote file inclusion vulnerability in contxtd.class.php in the Contacts XTD (ContXTD) component for Mambo (com_contxtd) allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: another researcher has disputed this issue, saying that the software prevents the attack by checking whether _VALID_MOS is defined
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mambo | contacts_xtd_component | * |
PHP remote file inclusion vulnerability in index.php in the JIM component for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: another researcher has stated that the product distribution does not include an index.php file. Also, this might be related to CVE-2006-4242
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mambo | jim_component | * |
| joomla | jim_component | * |
Unspecified vulnerability in Prince Clan (Princeclan) Chess component (com_pcchess) 0.8 and earlier for Mambo and Joomla! has unspecified impact and attack vectors.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mambo | prince_clan_chess_component | * |
| joomla | prince_clan_chess_component | * |
SQL injection vulnerability in Mambo before 4.5.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors in cancel edit functions, possibly related to the id parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mambo | mambo | * |
PHP remote file inclusion vulnerability in jambook.php in the Jambook (com_Jambook) 1.0 beta7 module for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this issue has been disputed by a reliable third party because the jambook.php protects against direct request
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mambo | jambook | 1.0_beta_7 |
| joomla | jambook | 1.0_beta_7 |