Aggregates CVE and security vulnerability intelligence across all Mambo-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk cross-site scripting and vendor risk path handling and related problems; some flaws may lead to vendor impact data exposure, affecting vendor surface production workloads scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2008-5226 | SQL injection vulnerability in the MambAds (com_mambads) component 1.0 RC1 Beta and 1.0 RC1 for Mambo allows remote attackers to execute arbitrary SQL commands via the ma_cat parameter in a view action to index.php, a different vector than CVE-2007-5177. | [email protected] | 7.5 | 1.01% | 2008-11-25 | 2026-04-23 |
| CVE-2008-3712 | Multiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.2 and 4.6.5, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) query string to mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php and the (2) mosConfig_sitename parameter to administrator/popups/index3pop.php. | [email protected] | 2.6 | 1.88% | 2008-08-19 | 2026-04-23 |
| CVE-2008-2990 | PHP remote file inclusion vulnerability in facileforms.frame.php in the FacileForms (com_facileforms) component 1.4.4 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the ff_compath parameter. | [email protected] | 7.5 | 2.29% | 2008-07-02 | 2026-04-23 |
| CVE-2008-2905 | PHP remote file inclusion vulnerability in includes/Cache/Lite/Output.php in the Cache_Lite package in Mambo 4.6.4 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | [email protected] | 6.8 | 18.40% | 2008-06-30 | 2026-04-23 |
| CVE-2008-2500 | Cross-site scripting (XSS) vulnerability in the MOStlyContent Editor (MOStlyCE) component before 3.0 for Mambo allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | [email protected] | 4.3 | 0.84% | 2008-05-29 | 2026-04-23 |
| CVE-2008-2095 | SQL injection vulnerability in index.php in the FlippingBook (com_flippingbook) 1.0.4 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the book_id parameter. | [email protected] | 7.5 | 1.10% | 2008-05-06 | 2026-04-23 |
| CVE-2008-2093 | SQL injection vulnerability in the Profiler (com_comprofiler) component in Community Builder for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the user parameter in a userProfile action to index.php. | [email protected] | 7.5 | 0.97% | 2008-05-06 | 2026-04-23 |
| CVE-2008-1540 | SQL injection vulnerability in the Datsogallery (com_datsogallery) 1.3.1 module for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | [email protected] | 7.5 | 0.91% | 2008-03-28 | 2026-04-23 |
| CVE-2008-1297 | SQL injection vulnerability in index.php in the eWriting (com_ewriting) 1.2.1 module for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a selectcat action. | [email protected] | 7.5 | 0.97% | 2008-03-12 | 2026-04-23 |
| CVE-2008-1137 | SQL injection vulnerability in the Garys Cookbook (com_garyscookbook) 1.1.1 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. | [email protected] | 7.5 | 1.19% | 2008-03-04 | 2026-04-23 |
| CVE-2008-0855 | SQL injection vulnerability in the Facile Forms (com_facileforms) component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. | [email protected] | 7.5 | 0.95% | 2008-02-21 | 2026-04-23 |
| CVE-2008-0854 | SQL injection vulnerability in the com_salesrep component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the rid parameter in a showrep action to index.php. | [email protected] | 7.5 | 0.96% | 2008-02-21 | 2026-04-23 |
| CVE-2008-0853 | SQL injection vulnerability in the com_detail component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. NOTE: this issue might be site-specific. If so, it should not be included in CVE. | [email protected] | 7.5 | 0.97% | 2008-02-21 | 2026-04-23 |
| CVE-2008-0849 | SQL injection vulnerability in index.php in the Downloads (com_downloads) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a selectcat function, a different vector than CVE-2008-0652. | [email protected] | 7.5 | 1.14% | 2008-02-21 | 2026-04-23 |
| CVE-2008-0846 | SQL injection vulnerability in index.php in the com_profile component for Joomla! allows remote attackers to execute arbitrary SQL commands via the oid parameter. | [email protected] | 7.5 | 0.91% | 2008-02-20 | 2026-04-23 |
| CVE-2008-0841 | SQL injection vulnerability in index.php in the Giorgio Nordo Ricette (com_ricette) 1.0 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter. | [email protected] | 7.5 | 0.93% | 2008-02-20 | 2026-04-23 |
| CVE-2008-0832 | SQL injection vulnerability in index.php in the Kemas Antonius com_quran 1.1 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the surano parameter in a viewayat action. | [email protected] | 7.5 | 1.20% | 2008-02-20 | 2026-04-23 |
| CVE-2008-0829 | SQL injection vulnerability in jooget.php in the Joomlapixel Jooget! (com_jooget) 2.6.8 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail task. | [email protected] | 7.5 | 1.06% | 2008-02-19 | 2026-04-23 |
| CVE-2008-0817 | SQL injection vulnerability in the com_filebase component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the filecatid parameter in a selectfolder action. | [email protected] | 7.5 | 1.00% | 2008-02-19 | 2026-04-23 |
| CVE-2008-0810 | SQL injection vulnerability in the com_scheduling module for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter. | [email protected] | 7.5 | 0.96% | 2008-02-19 | 2026-04-23 |