Mambo Security Vulnerabilities and Issues — Mambo CVE List

Lucene search

Mambo-foundationMambo

2 matches found

CVE•added 2011/09/23 11:55 p.m.•43 views

CVE-2011-3754

Mambo 4.6.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/sef.php and certain other files.

5CVSS6.3AI score0.00283EPSS

CVE•added 2011/12/08 7:55 p.m.•32 views

CVE-2011-2917

SQL injection vulnerability in administrator/index2.php in Mambo CMS 4.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the zorder parameter.

7.5CVSS8.7AI score0.00926EPSS