mamboxchange 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには vendor risk sql injection and vendor risk cross-site scripting があり、vendor surface production workloads and vendor surface software deployment の利用場面で vendor impact data exposure などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2008-0500 | Multiple unspecified vulnerabilities in Mambo LaiThai 4.5.5 have unknown impact and attack vectors related to (1) mod_login and (2) mod_template_chooser. | [email protected] | 10.0 | 0.42% | 2008-01-30 | 2026-04-23 |
| CVE-2008-0499 | SQL injection vulnerability in Mambo LaiThai 4.5.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | [email protected] | 7.5 | 0.46% | 2008-01-30 | 2026-04-23 |
| CVE-2007-1992 | Multiple PHP remote file inclusion vulnerabilities in the com_zoom 2.5 beta 2 and earlier module for Mambo allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) EXIF_Makernote.php or (2) EXIF.php in classes/iptc/. | [email protected] | 7.5 | 5.10% | 2007-04-12 | 2026-04-23 |
| CVE-2006-7093 | Cross-site scripting (XSS) vulnerability in Mambo LaiThai 4.5.4 Security Patch 2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | [email protected] | 5.8 | 0.36% | 2007-03-02 | 2026-04-23 |
| CVE-2006-7092 | SQL injection vulnerability in includes/mambo.php in Mambo LaiThai 4.5.4 SP2 and earlier allows remote attackers to execute arbitrary SQL commands via the usercookie[password] cookie parameter. | [email protected] | 7.5 | 0.48% | 2007-03-02 | 2026-04-23 |
| CVE-2006-6051 | PHP remote file inclusion vulnerability in reporter.logic.php in the MosReporter (com_reporter) component for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | [email protected] | 7.5 | 4.95% | 2006-11-22 | 2026-04-23 |
| CVE-2006-5254 | PHP remote file inclusion vulnerability in registration_detailed.inc.php in Mark Van Bellen Detailed User Registration (com_registration_detailed), aka regdetailed, 4.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | [email protected] | 7.5 | 4.95% | 2006-10-12 | 2026-04-23 |
| CVE-2006-4858 | PHP remote file inclusion vulnerability in install.serverstat.php in the Serverstat (com_serverstat) 0.4.4 and earlier component for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | [email protected] | 6.8 | 7.81% | 2006-09-19 | 2026-04-16 |
| CVE-2006-4282 | PHP remote file inclusion vulnerability in MamboLogin.php in the MamboWiki component (com_mambowiki) 0.9.6 and earlier for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter. | [email protected] | 7.5 | 11.46% | 2006-08-22 | 2026-04-16 |
| CVE-2006-4241 | PHP remote file inclusion vulnerability in processor/reporter.sql.php in the Reporter Mambo component (com_reporter) allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | [email protected] | 7.5 | 2.16% | 2006-08-21 | 2026-04-16 |
| CVE-2006-4203 | PHP remote file inclusion vulnerability in help.mmp.php in the MMP Component (com_mmp) 1.2 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | [email protected] | 7.5 | 7.23% | 2006-08-17 | 2026-04-16 |
| CVE-2006-4195 | PHP remote file inclusion vulnerability in param.peoplebook.php in the Peoplebook Component for Mambo (com_peoplebook) 1.0 and earlier, and possibly 1.1.2, when register_globals and allow_url_fopen are enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | [email protected] | 6.8 | 10.24% | 2006-08-17 | 2026-04-16 |
| CVE-2006-3930 | PHP remote file inclusion vulnerability in admin.a6mambohelpdesk.php in a6mambohelpdesk Mambo Component 18RC1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter. | [email protected] | 7.5 | 12.16% | 2006-07-31 | 2026-04-16 |
| CVE-2006-3748 | PHP remote file inclusion vulnerability in includes/abbc/abbc.class.php in the LoudMouth Component for Mambo 4.0j, and possibly other versions including 4.1, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | [email protected] | 6.8 | 5.67% | 2006-07-21 | 2026-04-16 |
| CVE-2006-3528 | Multiple PHP remote file inclusion vulnerabilities in Simpleboard Mambo module 1.1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the sbp parameter to (1) image_upload.php and (2) file_upload.php. | [email protected] | 6.8 | 21.61% | 2006-07-12 | 2026-04-16 |