本ページは mambo-foundation mambo_cms に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2011-2499 | Mambo CMS through 4.6.5 has multiple XSS. | [email protected] | 6.1 | 0.65% | 2020-02-12 | 2026-06-16 |
| CVE-2013-2565 | A vulnerability in Mambo CMS v4.6.5 where the scripts thumbs.php, editorFrame.php, editor.php, images.php, manager.php discloses the root path of the webserver. | [email protected] | 5.3 | 1.60% | 2019-02-15 | 2026-06-16 |
| CVE-2013-2564 | Mambo CMS 4.6.5 allows remote attackers to cause a denial of service (memory and bandwidth consumption) by uploading a crafted file. | [email protected] | 5.0 | 2.46% | 2014-06-09 | 2026-06-16 |
| CVE-2013-2563 | Mambo CMS 4.6.5 uses world-readable permissions on configuration.php, which allows local users to obtain the admin password hash by reading the file. | [email protected] | 2.1 | 0.46% | 2014-06-09 | 2026-06-16 |
| CVE-2013-2562 | Mambo CMS 4.6.5 stores the MySQL database password in cleartext in the document root, which allows local users to obtain sensitive information via unspecified vectors. | [email protected] | 2.1 | 0.47% | 2014-06-09 | 2026-06-16 |