Mambo Site Server@4.0.11 Security Vulnerabilities and Issues — Mambo Site Server@4.0.11 CVE List

Lucene search

MamboMambo Site Server4.0.11

4 matches found

CVE•added 2007/10/18 10:0 a.m.•74 views

CVE-2002-2290

Mambo Site Server 4.0.11 installs with a default username and password of admin, which allows remote attackers to gain privileges.

10CVSS7.5AI score0.00803EPSS

CVE•added 2007/10/14 8:0 p.m.•47 views

CVE-2002-2247

The administrator/phpinfo.php script in Mambo Site Server 4.0.11 allows remote attackers to obtain sensitive information such as the full web root path via phpinfo.php, which calls the phpinfo function.

5CVSS6.6AI score0.0264EPSS

CVE•added 2005/11/22 11:3 a.m.•39 views

CVE-2005-3738

globals.php in Mambo Site Server 4.0.14 and earlier, when register_globals is disabled, allows remote attackers to overwrite variables in the GLOBALS array and conduct various attacks, as demonstrated using the mosConfig_absolute_path parameter to content.html.php for remote PHP file inclusion.

2.6CVSS6.8AI score0.07523EPSS

CVE•added 2005/05/19 4:0 a.m.•30 views

CVE-2002-1662

Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site Server 4.0.11 allow remote attackers to execute arbitrary script on other clients via (1) search.php and (2) the "Your name" field during account registration.

6.8CVSS6.5AI score0.00855EPSS