Search

Find a vulnerability

Search criteria

    18 vulnerabilities found for mambo by mambo-foundation

    CVE-2011-2917 (GCVE-0-2011-2917)

    Vulnerability from nvd – Published: 2011-12-08 19:00 – Updated: 2024-09-16 21:08
    VLAI
    Summary
    SQL injection vulnerability in administrator/index2.php in Mambo CMS 4.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the zorder parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/49130 vdb-entryx_refsource_BID
    http://yehg.net/lab/pr0js/advisories/%5Bmambo4.6_… x_refsource_MISC
    http://www.openwall.com/lists/oss-security/2011/08/12/6 mailing-listx_refsource_MLIST
    http://www.exploit-db.com/exploits/18110 exploitx_refsource_EXPLOIT-DB
    http://www.osvdb.org/74502 vdb-entryx_refsource_OSVDB
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T23:15:31.710Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "49130",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/49130"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://yehg.net/lab/pr0js/advisories/%5Bmambo4.6_x%5D_sql_injection"
              },
              {
                "name": "[oss-security] 20110812 Re: CVE Request: Mambo CMS 4.6.x (4.6.5) | SQL  Injection",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2011/08/12/6"
              },
              {
                "name": "18110",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "http://www.exploit-db.com/exploits/18110"
              },
              {
                "name": "74502",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/74502"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in administrator/index2.php in Mambo CMS 4.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the zorder parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2011-12-08T19:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "49130",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/49130"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://yehg.net/lab/pr0js/advisories/%5Bmambo4.6_x%5D_sql_injection"
            },
            {
              "name": "[oss-security] 20110812 Re: CVE Request: Mambo CMS 4.6.x (4.6.5) | SQL  Injection",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2011/08/12/6"
            },
            {
              "name": "18110",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "http://www.exploit-db.com/exploits/18110"
            },
            {
              "name": "74502",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/74502"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2011-2917",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in administrator/index2.php in Mambo CMS 4.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the zorder parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "49130",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/49130"
                },
                {
                  "name": "http://yehg.net/lab/pr0js/advisories/%5Bmambo4.6_x%5D_sql_injection",
                  "refsource": "MISC",
                  "url": "http://yehg.net/lab/pr0js/advisories/%5Bmambo4.6_x%5D_sql_injection"
                },
                {
                  "name": "[oss-security] 20110812 Re: CVE Request: Mambo CMS 4.6.x (4.6.5) | SQL  Injection",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2011/08/12/6"
                },
                {
                  "name": "18110",
                  "refsource": "EXPLOIT-DB",
                  "url": "http://www.exploit-db.com/exploits/18110"
                },
                {
                  "name": "74502",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/74502"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2011-2917",
        "datePublished": "2011-12-08T19:00:00.000Z",
        "dateReserved": "2011-07-27T00:00:00.000Z",
        "dateUpdated": "2024-09-16T21:08:50.205Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-3754 (GCVE-0-2011-3754)

    Vulnerability from nvd – Published: 2011-09-23 23:00 – Updated: 2024-09-16 18:17
    VLAI
    Summary
    Mambo 4.6.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/sef.php and certain other files.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T23:46:02.882Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/mambo-4.6.5"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Mambo 4.6.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/sef.php and certain other files."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2011-09-23T23:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/mambo-4.6.5"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-3754",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Mambo 4.6.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/sef.php and certain other files."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
                },
                {
                  "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README",
                  "refsource": "MISC",
                  "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
                },
                {
                  "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/mambo-4.6.5",
                  "refsource": "MISC",
                  "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/mambo-4.6.5"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-3754",
        "datePublished": "2011-09-23T23:00:00.000Z",
        "dateReserved": "2011-09-23T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:17:52.275Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-7215 (GCVE-0-2008-7215)

    Vulnerability from nvd – Published: 2009-09-11 16:00 – Updated: 2024-08-07 11:56
    VLAI
    Summary
    The Image Manager in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to rename arbitrary files and cause a denial of service via modified file[NewFile][name], file[NewFile][tmp_name], and file[NewFile][size] parameters in a FileUpload command, which are used to modify equivalent variables in $_FILES that are accessed when the is_uploaded_file check fails.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.vupen.com/english/advisories/2008/0325 vdb-entryx_refsource_VUPEN
    http://archives.neohapsis.com/archives/bugtraq/20… mailing-listx_refsource_BUGTRAQ
    http://osvdb.org/42532 vdb-entryx_refsource_OSVDB
    http://secunia.com/advisories/28670 third-party-advisoryx_refsource_SECUNIA
    http://forum.mambo-foundation.org/showthread.php?… x_refsource_CONFIRM
    http://www.securityfocus.com/archive/1/487128/100… mailing-listx_refsource_BUGTRAQ
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.bugreport.ir/index_33.htm x_refsource_MISC
    http://www.securityfocus.com/bid/27472 vdb-entryx_refsource_BID
    Date Public
    2008-01-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T11:56:14.475Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ADV-2008-0325",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0325"
              },
              {
                "name": "20080227 Re: Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2008-02/0444.html"
              },
              {
                "name": "42532",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/42532"
              },
              {
                "name": "28670",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/28670"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://forum.mambo-foundation.org/showthread.php?t=10158"
              },
              {
                "name": "20080128 Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/487128/100/200/threaded"
              },
              {
                "name": "mambo-connector-dos(39986)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39986"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.bugreport.ir/index_33.htm"
              },
              {
                "name": "27472",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/27472"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-01-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Image Manager in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to rename arbitrary files and cause a denial of service via modified file[NewFile][name], file[NewFile][tmp_name], and file[NewFile][size] parameters in a FileUpload command, which are used to modify equivalent variables in $_FILES that are accessed when the is_uploaded_file check fails."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "ADV-2008-0325",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0325"
            },
            {
              "name": "20080227 Re: Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2008-02/0444.html"
            },
            {
              "name": "42532",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/42532"
            },
            {
              "name": "28670",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/28670"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://forum.mambo-foundation.org/showthread.php?t=10158"
            },
            {
              "name": "20080128 Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/487128/100/200/threaded"
            },
            {
              "name": "mambo-connector-dos(39986)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39986"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.bugreport.ir/index_33.htm"
            },
            {
              "name": "27472",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/27472"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-7215",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Image Manager in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to rename arbitrary files and cause a denial of service via modified file[NewFile][name], file[NewFile][tmp_name], and file[NewFile][size] parameters in a FileUpload command, which are used to modify equivalent variables in $_FILES that are accessed when the is_uploaded_file check fails."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ADV-2008-0325",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0325"
                },
                {
                  "name": "20080227 Re: Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS",
                  "refsource": "BUGTRAQ",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2008-02/0444.html"
                },
                {
                  "name": "42532",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/42532"
                },
                {
                  "name": "28670",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/28670"
                },
                {
                  "name": "http://forum.mambo-foundation.org/showthread.php?t=10158",
                  "refsource": "CONFIRM",
                  "url": "http://forum.mambo-foundation.org/showthread.php?t=10158"
                },
                {
                  "name": "20080128 Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/487128/100/200/threaded"
                },
                {
                  "name": "mambo-connector-dos(39986)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39986"
                },
                {
                  "name": "http://www.bugreport.ir/index_33.htm",
                  "refsource": "MISC",
                  "url": "http://www.bugreport.ir/index_33.htm"
                },
                {
                  "name": "27472",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/27472"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-7215",
        "datePublished": "2009-09-11T16:00:00.000Z",
        "dateReserved": "2009-09-11T00:00:00.000Z",
        "dateUpdated": "2024-08-07T11:56:14.475Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-7214 (GCVE-0-2008-7214)

    Vulnerability from nvd – Published: 2009-09-11 16:00 – Updated: 2024-08-07 11:56
    VLAI
    Summary
    Cross-site request forgery (CSRF) vulnerability in administrator/index2.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to hijack the authentication of administrators for requests that add new administrator accounts via the save task in a com_users action, as demonstrated using a separate XSS vulnerability in mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.vupen.com/english/advisories/2008/0325 vdb-entryx_refsource_VUPEN
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://archives.neohapsis.com/archives/bugtraq/20… mailing-listx_refsource_BUGTRAQ
    http://osvdb.org/42531 vdb-entryx_refsource_OSVDB
    http://secunia.com/advisories/28670 third-party-advisoryx_refsource_SECUNIA
    http://forum.mambo-foundation.org/showthread.php?… x_refsource_CONFIRM
    http://www.securityfocus.com/archive/1/487128/100… mailing-listx_refsource_BUGTRAQ
    http://www.bugreport.ir/index_33.htm x_refsource_MISC
    Date Public
    2008-01-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T11:56:14.484Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ADV-2008-0325",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0325"
              },
              {
                "name": "mambo-connector-csrf(39985)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39985"
              },
              {
                "name": "20080227 Re: Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2008-02/0444.html"
              },
              {
                "name": "42531",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/42531"
              },
              {
                "name": "28670",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/28670"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://forum.mambo-foundation.org/showthread.php?t=10158"
              },
              {
                "name": "20080128 Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/487128/100/200/threaded"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.bugreport.ir/index_33.htm"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-01-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability in administrator/index2.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to hijack the authentication of administrators for requests that add new administrator accounts via the save task in a com_users action, as demonstrated using a separate XSS vulnerability in mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "ADV-2008-0325",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0325"
            },
            {
              "name": "mambo-connector-csrf(39985)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39985"
            },
            {
              "name": "20080227 Re: Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2008-02/0444.html"
            },
            {
              "name": "42531",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/42531"
            },
            {
              "name": "28670",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/28670"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://forum.mambo-foundation.org/showthread.php?t=10158"
            },
            {
              "name": "20080128 Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/487128/100/200/threaded"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.bugreport.ir/index_33.htm"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-7214",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site request forgery (CSRF) vulnerability in administrator/index2.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to hijack the authentication of administrators for requests that add new administrator accounts via the save task in a com_users action, as demonstrated using a separate XSS vulnerability in mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ADV-2008-0325",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0325"
                },
                {
                  "name": "mambo-connector-csrf(39985)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39985"
                },
                {
                  "name": "20080227 Re: Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS",
                  "refsource": "BUGTRAQ",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2008-02/0444.html"
                },
                {
                  "name": "42531",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/42531"
                },
                {
                  "name": "28670",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/28670"
                },
                {
                  "name": "http://forum.mambo-foundation.org/showthread.php?t=10158",
                  "refsource": "CONFIRM",
                  "url": "http://forum.mambo-foundation.org/showthread.php?t=10158"
                },
                {
                  "name": "20080128 Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/487128/100/200/threaded"
                },
                {
                  "name": "http://www.bugreport.ir/index_33.htm",
                  "refsource": "MISC",
                  "url": "http://www.bugreport.ir/index_33.htm"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-7214",
        "datePublished": "2009-09-11T16:00:00.000Z",
        "dateReserved": "2009-09-11T00:00:00.000Z",
        "dateUpdated": "2024-08-07T11:56:14.484Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-7213 (GCVE-0-2008-7213)

    Vulnerability from nvd – Published: 2009-09-11 16:00 – Updated: 2024-08-07 11:56
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to inject arbitrary web script or HTML via the Command parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://osvdb.org/42530 vdb-entryx_refsource_OSVDB
    http://www.vupen.com/english/advisories/2008/0325 vdb-entryx_refsource_VUPEN
    http://archives.neohapsis.com/archives/bugtraq/20… mailing-listx_refsource_BUGTRAQ
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/27470 vdb-entryx_refsource_BID
    http://secunia.com/advisories/28670 third-party-advisoryx_refsource_SECUNIA
    http://forum.mambo-foundation.org/showthread.php?… x_refsource_CONFIRM
    http://www.securityfocus.com/archive/1/487128/100… mailing-listx_refsource_BUGTRAQ
    http://www.bugreport.ir/index_33.htm x_refsource_MISC
    Date Public
    2008-01-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T11:56:14.495Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "42530",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/42530"
              },
              {
                "name": "ADV-2008-0325",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0325"
              },
              {
                "name": "20080227 Re: Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2008-02/0444.html"
              },
              {
                "name": "mambo-mostlyce-connector-xss(39984)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39984"
              },
              {
                "name": "27470",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/27470"
              },
              {
                "name": "28670",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/28670"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://forum.mambo-foundation.org/showthread.php?t=10158"
              },
              {
                "name": "20080128 Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/487128/100/200/threaded"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.bugreport.ir/index_33.htm"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-01-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to inject arbitrary web script or HTML via the Command parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "42530",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/42530"
            },
            {
              "name": "ADV-2008-0325",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0325"
            },
            {
              "name": "20080227 Re: Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2008-02/0444.html"
            },
            {
              "name": "mambo-mostlyce-connector-xss(39984)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39984"
            },
            {
              "name": "27470",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/27470"
            },
            {
              "name": "28670",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/28670"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://forum.mambo-foundation.org/showthread.php?t=10158"
            },
            {
              "name": "20080128 Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/487128/100/200/threaded"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.bugreport.ir/index_33.htm"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-7213",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to inject arbitrary web script or HTML via the Command parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "42530",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/42530"
                },
                {
                  "name": "ADV-2008-0325",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0325"
                },
                {
                  "name": "20080227 Re: Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS",
                  "refsource": "BUGTRAQ",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2008-02/0444.html"
                },
                {
                  "name": "mambo-mostlyce-connector-xss(39984)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39984"
                },
                {
                  "name": "27470",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/27470"
                },
                {
                  "name": "28670",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/28670"
                },
                {
                  "name": "http://forum.mambo-foundation.org/showthread.php?t=10158",
                  "refsource": "CONFIRM",
                  "url": "http://forum.mambo-foundation.org/showthread.php?t=10158"
                },
                {
                  "name": "20080128 Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/487128/100/200/threaded"
                },
                {
                  "name": "http://www.bugreport.ir/index_33.htm",
                  "refsource": "MISC",
                  "url": "http://www.bugreport.ir/index_33.htm"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-7213",
        "datePublished": "2009-09-11T16:00:00.000Z",
        "dateReserved": "2009-09-11T00:00:00.000Z",
        "dateUpdated": "2024-08-07T11:56:14.495Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-7212 (GCVE-0-2008-7212)

    Vulnerability from nvd – Published: 2009-09-11 16:00 – Updated: 2024-08-07 11:56
    VLAI
    Summary
    MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to obtain sensitive information via certain requests to mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php, which reveals the installation path in an error message.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.vupen.com/english/advisories/2008/0325 vdb-entryx_refsource_VUPEN
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://archives.neohapsis.com/archives/bugtraq/20… mailing-listx_refsource_BUGTRAQ
    http://secunia.com/advisories/28670 third-party-advisoryx_refsource_SECUNIA
    http://forum.mambo-foundation.org/showthread.php?… x_refsource_CONFIRM
    http://www.securityfocus.com/archive/1/487128/100… mailing-listx_refsource_BUGTRAQ
    http://www.bugreport.ir/index_33.htm x_refsource_MISC
    http://osvdb.org/42529 vdb-entryx_refsource_OSVDB
    Date Public
    2008-01-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T11:56:14.483Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ADV-2008-0325",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0325"
              },
              {
                "name": "mambo-mostlyce-connector-path-disclosure(39983)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39983"
              },
              {
                "name": "20080227 Re: Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2008-02/0444.html"
              },
              {
                "name": "28670",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/28670"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://forum.mambo-foundation.org/showthread.php?t=10158"
              },
              {
                "name": "20080128 Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/487128/100/200/threaded"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.bugreport.ir/index_33.htm"
              },
              {
                "name": "42529",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/42529"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-01-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to obtain sensitive information via certain requests to mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php, which reveals the installation path in an error message."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "ADV-2008-0325",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0325"
            },
            {
              "name": "mambo-mostlyce-connector-path-disclosure(39983)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39983"
            },
            {
              "name": "20080227 Re: Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2008-02/0444.html"
            },
            {
              "name": "28670",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/28670"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://forum.mambo-foundation.org/showthread.php?t=10158"
            },
            {
              "name": "20080128 Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/487128/100/200/threaded"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.bugreport.ir/index_33.htm"
            },
            {
              "name": "42529",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/42529"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-7212",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to obtain sensitive information via certain requests to mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php, which reveals the installation path in an error message."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ADV-2008-0325",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0325"
                },
                {
                  "name": "mambo-mostlyce-connector-path-disclosure(39983)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39983"
                },
                {
                  "name": "20080227 Re: Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS",
                  "refsource": "BUGTRAQ",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2008-02/0444.html"
                },
                {
                  "name": "28670",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/28670"
                },
                {
                  "name": "http://forum.mambo-foundation.org/showthread.php?t=10158",
                  "refsource": "CONFIRM",
                  "url": "http://forum.mambo-foundation.org/showthread.php?t=10158"
                },
                {
                  "name": "20080128 Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/487128/100/200/threaded"
                },
                {
                  "name": "http://www.bugreport.ir/index_33.htm",
                  "refsource": "MISC",
                  "url": "http://www.bugreport.ir/index_33.htm"
                },
                {
                  "name": "42529",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/42529"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-7212",
        "datePublished": "2009-09-11T16:00:00.000Z",
        "dateReserved": "2009-09-11T00:00:00.000Z",
        "dateUpdated": "2024-08-07T11:56:14.483Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-2498 (GCVE-0-2008-2498)

    Vulnerability from nvd – Published: 2008-05-28 15:00 – Updated: 2024-08-07 09:05
    VLAI
    Summary
    Multiple SQL injection vulnerabilities in index.php in Mambo before 4.6.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) articleid and (2) mcname parameters. NOTE: some of these details are obtained from third party information.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2008-05-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T09:05:30.030Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "mambo-index-sql-injection(42644)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42644"
              },
              {
                "name": "ADV-2008-1660",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/1660/references"
              },
              {
                "name": "29373",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/29373"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://forum.mambo-foundation.org/showthread.php?t=11799"
              },
              {
                "name": "30343",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30343"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-05-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple SQL injection vulnerabilities in index.php in Mambo before 4.6.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) articleid and (2) mcname parameters.  NOTE: some of these details are obtained from third party information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-07T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "mambo-index-sql-injection(42644)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42644"
            },
            {
              "name": "ADV-2008-1660",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/1660/references"
            },
            {
              "name": "29373",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/29373"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://forum.mambo-foundation.org/showthread.php?t=11799"
            },
            {
              "name": "30343",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30343"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-2498",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple SQL injection vulnerabilities in index.php in Mambo before 4.6.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) articleid and (2) mcname parameters.  NOTE: some of these details are obtained from third party information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "mambo-index-sql-injection(42644)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42644"
                },
                {
                  "name": "ADV-2008-1660",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/1660/references"
                },
                {
                  "name": "29373",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/29373"
                },
                {
                  "name": "http://forum.mambo-foundation.org/showthread.php?t=11799",
                  "refsource": "CONFIRM",
                  "url": "http://forum.mambo-foundation.org/showthread.php?t=11799"
                },
                {
                  "name": "30343",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30343"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-2498",
        "datePublished": "2008-05-28T15:00:00.000Z",
        "dateReserved": "2008-05-28T00:00:00.000Z",
        "dateUpdated": "2024-08-07T09:05:30.030Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-2497 (GCVE-0-2008-2497)

    Vulnerability from nvd – Published: 2008-05-28 15:00 – Updated: 2024-08-07 09:05
    VLAI
    Summary
    CRLF injection vulnerability in Mambo before 4.6.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2008-05-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T09:05:29.979Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ADV-2008-1660",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/1660/references"
              },
              {
                "name": "29373",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/29373"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://forum.mambo-foundation.org/showthread.php?t=11799"
              },
              {
                "name": "30343",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30343"
              },
              {
                "name": "mambo-unspecified-response-splitting(42645)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42645"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-05-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "CRLF injection vulnerability in Mambo before 4.6.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-07T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "ADV-2008-1660",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/1660/references"
            },
            {
              "name": "29373",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/29373"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://forum.mambo-foundation.org/showthread.php?t=11799"
            },
            {
              "name": "30343",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30343"
            },
            {
              "name": "mambo-unspecified-response-splitting(42645)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42645"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-2497",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "CRLF injection vulnerability in Mambo before 4.6.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ADV-2008-1660",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/1660/references"
                },
                {
                  "name": "29373",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/29373"
                },
                {
                  "name": "http://forum.mambo-foundation.org/showthread.php?t=11799",
                  "refsource": "CONFIRM",
                  "url": "http://forum.mambo-foundation.org/showthread.php?t=11799"
                },
                {
                  "name": "30343",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30343"
                },
                {
                  "name": "mambo-unspecified-response-splitting(42645)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42645"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-2497",
        "datePublished": "2008-05-28T15:00:00.000Z",
        "dateReserved": "2008-05-28T00:00:00.000Z",
        "dateUpdated": "2024-08-07T09:05:29.979Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-1957 (GCVE-0-2006-1957)

    Vulnerability from nvd – Published: 2006-04-21 10:00 – Updated: 2024-08-07 17:35
    VLAI
    Summary
    The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows remote attackers to cause a denial of service (disk consumption and possibly web-server outage) via multiple requests with different values of the feed parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2006-04-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T17:35:29.647Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20060419 Re: [KAPDA::#41] - Mambo/Joomla rss component vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2006-04/0380.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.kapda.ir/advisory-313.html"
              },
              {
                "name": "20060418 [KAPDA::#41] - Mambo/Joomla rss component vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/431317/100/0/threaded"
              },
              {
                "name": "mambo-joomla-rss-dos(26131)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26131"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://irannetjob.com/content/view/209/28/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-04-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows remote attackers to cause a denial of service (disk consumption and possibly web-server outage) via multiple requests with different values of the feed parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-18T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20060419 Re: [KAPDA::#41] - Mambo/Joomla rss component vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2006-04/0380.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.kapda.ir/advisory-313.html"
            },
            {
              "name": "20060418 [KAPDA::#41] - Mambo/Joomla rss component vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/431317/100/0/threaded"
            },
            {
              "name": "mambo-joomla-rss-dos(26131)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26131"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://irannetjob.com/content/view/209/28/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-1957",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows remote attackers to cause a denial of service (disk consumption and possibly web-server outage) via multiple requests with different values of the feed parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20060419 Re: [KAPDA::#41] - Mambo/Joomla rss component vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2006-04/0380.html"
                },
                {
                  "name": "http://www.kapda.ir/advisory-313.html",
                  "refsource": "MISC",
                  "url": "http://www.kapda.ir/advisory-313.html"
                },
                {
                  "name": "20060418 [KAPDA::#41] - Mambo/Joomla rss component vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/431317/100/0/threaded"
                },
                {
                  "name": "mambo-joomla-rss-dos(26131)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26131"
                },
                {
                  "name": "http://irannetjob.com/content/view/209/28/",
                  "refsource": "MISC",
                  "url": "http://irannetjob.com/content/view/209/28/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-1957",
        "datePublished": "2006-04-21T10:00:00.000Z",
        "dateReserved": "2006-04-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T17:35:29.647Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-2917 (GCVE-0-2011-2917)

    Vulnerability from cvelistv5 – Published: 2011-12-08 19:00 – Updated: 2024-09-16 21:08
    VLAI
    Summary
    SQL injection vulnerability in administrator/index2.php in Mambo CMS 4.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the zorder parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/49130 vdb-entryx_refsource_BID
    http://yehg.net/lab/pr0js/advisories/%5Bmambo4.6_… x_refsource_MISC
    http://www.openwall.com/lists/oss-security/2011/08/12/6 mailing-listx_refsource_MLIST
    http://www.exploit-db.com/exploits/18110 exploitx_refsource_EXPLOIT-DB
    http://www.osvdb.org/74502 vdb-entryx_refsource_OSVDB
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T23:15:31.710Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "49130",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/49130"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://yehg.net/lab/pr0js/advisories/%5Bmambo4.6_x%5D_sql_injection"
              },
              {
                "name": "[oss-security] 20110812 Re: CVE Request: Mambo CMS 4.6.x (4.6.5) | SQL  Injection",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2011/08/12/6"
              },
              {
                "name": "18110",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "http://www.exploit-db.com/exploits/18110"
              },
              {
                "name": "74502",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/74502"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in administrator/index2.php in Mambo CMS 4.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the zorder parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2011-12-08T19:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "49130",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/49130"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://yehg.net/lab/pr0js/advisories/%5Bmambo4.6_x%5D_sql_injection"
            },
            {
              "name": "[oss-security] 20110812 Re: CVE Request: Mambo CMS 4.6.x (4.6.5) | SQL  Injection",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2011/08/12/6"
            },
            {
              "name": "18110",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "http://www.exploit-db.com/exploits/18110"
            },
            {
              "name": "74502",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/74502"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2011-2917",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in administrator/index2.php in Mambo CMS 4.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the zorder parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "49130",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/49130"
                },
                {
                  "name": "http://yehg.net/lab/pr0js/advisories/%5Bmambo4.6_x%5D_sql_injection",
                  "refsource": "MISC",
                  "url": "http://yehg.net/lab/pr0js/advisories/%5Bmambo4.6_x%5D_sql_injection"
                },
                {
                  "name": "[oss-security] 20110812 Re: CVE Request: Mambo CMS 4.6.x (4.6.5) | SQL  Injection",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2011/08/12/6"
                },
                {
                  "name": "18110",
                  "refsource": "EXPLOIT-DB",
                  "url": "http://www.exploit-db.com/exploits/18110"
                },
                {
                  "name": "74502",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/74502"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2011-2917",
        "datePublished": "2011-12-08T19:00:00.000Z",
        "dateReserved": "2011-07-27T00:00:00.000Z",
        "dateUpdated": "2024-09-16T21:08:50.205Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-3754 (GCVE-0-2011-3754)

    Vulnerability from cvelistv5 – Published: 2011-09-23 23:00 – Updated: 2024-09-16 18:17
    VLAI
    Summary
    Mambo 4.6.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/sef.php and certain other files.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T23:46:02.882Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/mambo-4.6.5"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Mambo 4.6.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/sef.php and certain other files."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2011-09-23T23:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/mambo-4.6.5"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-3754",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Mambo 4.6.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/sef.php and certain other files."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
                },
                {
                  "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README",
                  "refsource": "MISC",
                  "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
                },
                {
                  "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/mambo-4.6.5",
                  "refsource": "MISC",
                  "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/mambo-4.6.5"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-3754",
        "datePublished": "2011-09-23T23:00:00.000Z",
        "dateReserved": "2011-09-23T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:17:52.275Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-7213 (GCVE-0-2008-7213)

    Vulnerability from cvelistv5 – Published: 2009-09-11 16:00 – Updated: 2024-08-07 11:56
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to inject arbitrary web script or HTML via the Command parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://osvdb.org/42530 vdb-entryx_refsource_OSVDB
    http://www.vupen.com/english/advisories/2008/0325 vdb-entryx_refsource_VUPEN
    http://archives.neohapsis.com/archives/bugtraq/20… mailing-listx_refsource_BUGTRAQ
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/27470 vdb-entryx_refsource_BID
    http://secunia.com/advisories/28670 third-party-advisoryx_refsource_SECUNIA
    http://forum.mambo-foundation.org/showthread.php?… x_refsource_CONFIRM
    http://www.securityfocus.com/archive/1/487128/100… mailing-listx_refsource_BUGTRAQ
    http://www.bugreport.ir/index_33.htm x_refsource_MISC
    Date Public
    2008-01-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T11:56:14.495Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "42530",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/42530"
              },
              {
                "name": "ADV-2008-0325",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0325"
              },
              {
                "name": "20080227 Re: Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2008-02/0444.html"
              },
              {
                "name": "mambo-mostlyce-connector-xss(39984)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39984"
              },
              {
                "name": "27470",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/27470"
              },
              {
                "name": "28670",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/28670"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://forum.mambo-foundation.org/showthread.php?t=10158"
              },
              {
                "name": "20080128 Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/487128/100/200/threaded"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.bugreport.ir/index_33.htm"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-01-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to inject arbitrary web script or HTML via the Command parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "42530",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/42530"
            },
            {
              "name": "ADV-2008-0325",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0325"
            },
            {
              "name": "20080227 Re: Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2008-02/0444.html"
            },
            {
              "name": "mambo-mostlyce-connector-xss(39984)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39984"
            },
            {
              "name": "27470",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/27470"
            },
            {
              "name": "28670",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/28670"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://forum.mambo-foundation.org/showthread.php?t=10158"
            },
            {
              "name": "20080128 Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/487128/100/200/threaded"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.bugreport.ir/index_33.htm"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-7213",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to inject arbitrary web script or HTML via the Command parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "42530",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/42530"
                },
                {
                  "name": "ADV-2008-0325",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0325"
                },
                {
                  "name": "20080227 Re: Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS",
                  "refsource": "BUGTRAQ",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2008-02/0444.html"
                },
                {
                  "name": "mambo-mostlyce-connector-xss(39984)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39984"
                },
                {
                  "name": "27470",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/27470"
                },
                {
                  "name": "28670",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/28670"
                },
                {
                  "name": "http://forum.mambo-foundation.org/showthread.php?t=10158",
                  "refsource": "CONFIRM",
                  "url": "http://forum.mambo-foundation.org/showthread.php?t=10158"
                },
                {
                  "name": "20080128 Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/487128/100/200/threaded"
                },
                {
                  "name": "http://www.bugreport.ir/index_33.htm",
                  "refsource": "MISC",
                  "url": "http://www.bugreport.ir/index_33.htm"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-7213",
        "datePublished": "2009-09-11T16:00:00.000Z",
        "dateReserved": "2009-09-11T00:00:00.000Z",
        "dateUpdated": "2024-08-07T11:56:14.495Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-7214 (GCVE-0-2008-7214)

    Vulnerability from cvelistv5 – Published: 2009-09-11 16:00 – Updated: 2024-08-07 11:56
    VLAI
    Summary
    Cross-site request forgery (CSRF) vulnerability in administrator/index2.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to hijack the authentication of administrators for requests that add new administrator accounts via the save task in a com_users action, as demonstrated using a separate XSS vulnerability in mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.vupen.com/english/advisories/2008/0325 vdb-entryx_refsource_VUPEN
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://archives.neohapsis.com/archives/bugtraq/20… mailing-listx_refsource_BUGTRAQ
    http://osvdb.org/42531 vdb-entryx_refsource_OSVDB
    http://secunia.com/advisories/28670 third-party-advisoryx_refsource_SECUNIA
    http://forum.mambo-foundation.org/showthread.php?… x_refsource_CONFIRM
    http://www.securityfocus.com/archive/1/487128/100… mailing-listx_refsource_BUGTRAQ
    http://www.bugreport.ir/index_33.htm x_refsource_MISC
    Date Public
    2008-01-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T11:56:14.484Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ADV-2008-0325",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0325"
              },
              {
                "name": "mambo-connector-csrf(39985)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39985"
              },
              {
                "name": "20080227 Re: Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2008-02/0444.html"
              },
              {
                "name": "42531",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/42531"
              },
              {
                "name": "28670",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/28670"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://forum.mambo-foundation.org/showthread.php?t=10158"
              },
              {
                "name": "20080128 Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/487128/100/200/threaded"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.bugreport.ir/index_33.htm"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-01-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability in administrator/index2.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to hijack the authentication of administrators for requests that add new administrator accounts via the save task in a com_users action, as demonstrated using a separate XSS vulnerability in mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "ADV-2008-0325",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0325"
            },
            {
              "name": "mambo-connector-csrf(39985)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39985"
            },
            {
              "name": "20080227 Re: Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2008-02/0444.html"
            },
            {
              "name": "42531",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/42531"
            },
            {
              "name": "28670",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/28670"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://forum.mambo-foundation.org/showthread.php?t=10158"
            },
            {
              "name": "20080128 Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/487128/100/200/threaded"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.bugreport.ir/index_33.htm"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-7214",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site request forgery (CSRF) vulnerability in administrator/index2.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to hijack the authentication of administrators for requests that add new administrator accounts via the save task in a com_users action, as demonstrated using a separate XSS vulnerability in mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ADV-2008-0325",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0325"
                },
                {
                  "name": "mambo-connector-csrf(39985)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39985"
                },
                {
                  "name": "20080227 Re: Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS",
                  "refsource": "BUGTRAQ",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2008-02/0444.html"
                },
                {
                  "name": "42531",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/42531"
                },
                {
                  "name": "28670",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/28670"
                },
                {
                  "name": "http://forum.mambo-foundation.org/showthread.php?t=10158",
                  "refsource": "CONFIRM",
                  "url": "http://forum.mambo-foundation.org/showthread.php?t=10158"
                },
                {
                  "name": "20080128 Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/487128/100/200/threaded"
                },
                {
                  "name": "http://www.bugreport.ir/index_33.htm",
                  "refsource": "MISC",
                  "url": "http://www.bugreport.ir/index_33.htm"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-7214",
        "datePublished": "2009-09-11T16:00:00.000Z",
        "dateReserved": "2009-09-11T00:00:00.000Z",
        "dateUpdated": "2024-08-07T11:56:14.484Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-7215 (GCVE-0-2008-7215)

    Vulnerability from cvelistv5 – Published: 2009-09-11 16:00 – Updated: 2024-08-07 11:56
    VLAI
    Summary
    The Image Manager in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to rename arbitrary files and cause a denial of service via modified file[NewFile][name], file[NewFile][tmp_name], and file[NewFile][size] parameters in a FileUpload command, which are used to modify equivalent variables in $_FILES that are accessed when the is_uploaded_file check fails.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.vupen.com/english/advisories/2008/0325 vdb-entryx_refsource_VUPEN
    http://archives.neohapsis.com/archives/bugtraq/20… mailing-listx_refsource_BUGTRAQ
    http://osvdb.org/42532 vdb-entryx_refsource_OSVDB
    http://secunia.com/advisories/28670 third-party-advisoryx_refsource_SECUNIA
    http://forum.mambo-foundation.org/showthread.php?… x_refsource_CONFIRM
    http://www.securityfocus.com/archive/1/487128/100… mailing-listx_refsource_BUGTRAQ
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.bugreport.ir/index_33.htm x_refsource_MISC
    http://www.securityfocus.com/bid/27472 vdb-entryx_refsource_BID
    Date Public
    2008-01-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T11:56:14.475Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ADV-2008-0325",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0325"
              },
              {
                "name": "20080227 Re: Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2008-02/0444.html"
              },
              {
                "name": "42532",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/42532"
              },
              {
                "name": "28670",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/28670"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://forum.mambo-foundation.org/showthread.php?t=10158"
              },
              {
                "name": "20080128 Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/487128/100/200/threaded"
              },
              {
                "name": "mambo-connector-dos(39986)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39986"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.bugreport.ir/index_33.htm"
              },
              {
                "name": "27472",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/27472"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-01-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Image Manager in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to rename arbitrary files and cause a denial of service via modified file[NewFile][name], file[NewFile][tmp_name], and file[NewFile][size] parameters in a FileUpload command, which are used to modify equivalent variables in $_FILES that are accessed when the is_uploaded_file check fails."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "ADV-2008-0325",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0325"
            },
            {
              "name": "20080227 Re: Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2008-02/0444.html"
            },
            {
              "name": "42532",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/42532"
            },
            {
              "name": "28670",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/28670"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://forum.mambo-foundation.org/showthread.php?t=10158"
            },
            {
              "name": "20080128 Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/487128/100/200/threaded"
            },
            {
              "name": "mambo-connector-dos(39986)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39986"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.bugreport.ir/index_33.htm"
            },
            {
              "name": "27472",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/27472"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-7215",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Image Manager in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to rename arbitrary files and cause a denial of service via modified file[NewFile][name], file[NewFile][tmp_name], and file[NewFile][size] parameters in a FileUpload command, which are used to modify equivalent variables in $_FILES that are accessed when the is_uploaded_file check fails."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ADV-2008-0325",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0325"
                },
                {
                  "name": "20080227 Re: Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS",
                  "refsource": "BUGTRAQ",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2008-02/0444.html"
                },
                {
                  "name": "42532",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/42532"
                },
                {
                  "name": "28670",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/28670"
                },
                {
                  "name": "http://forum.mambo-foundation.org/showthread.php?t=10158",
                  "refsource": "CONFIRM",
                  "url": "http://forum.mambo-foundation.org/showthread.php?t=10158"
                },
                {
                  "name": "20080128 Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/487128/100/200/threaded"
                },
                {
                  "name": "mambo-connector-dos(39986)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39986"
                },
                {
                  "name": "http://www.bugreport.ir/index_33.htm",
                  "refsource": "MISC",
                  "url": "http://www.bugreport.ir/index_33.htm"
                },
                {
                  "name": "27472",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/27472"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-7215",
        "datePublished": "2009-09-11T16:00:00.000Z",
        "dateReserved": "2009-09-11T00:00:00.000Z",
        "dateUpdated": "2024-08-07T11:56:14.475Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-7212 (GCVE-0-2008-7212)

    Vulnerability from cvelistv5 – Published: 2009-09-11 16:00 – Updated: 2024-08-07 11:56
    VLAI
    Summary
    MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to obtain sensitive information via certain requests to mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php, which reveals the installation path in an error message.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.vupen.com/english/advisories/2008/0325 vdb-entryx_refsource_VUPEN
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://archives.neohapsis.com/archives/bugtraq/20… mailing-listx_refsource_BUGTRAQ
    http://secunia.com/advisories/28670 third-party-advisoryx_refsource_SECUNIA
    http://forum.mambo-foundation.org/showthread.php?… x_refsource_CONFIRM
    http://www.securityfocus.com/archive/1/487128/100… mailing-listx_refsource_BUGTRAQ
    http://www.bugreport.ir/index_33.htm x_refsource_MISC
    http://osvdb.org/42529 vdb-entryx_refsource_OSVDB
    Date Public
    2008-01-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T11:56:14.483Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ADV-2008-0325",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/0325"
              },
              {
                "name": "mambo-mostlyce-connector-path-disclosure(39983)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39983"
              },
              {
                "name": "20080227 Re: Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2008-02/0444.html"
              },
              {
                "name": "28670",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/28670"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://forum.mambo-foundation.org/showthread.php?t=10158"
              },
              {
                "name": "20080128 Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/487128/100/200/threaded"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.bugreport.ir/index_33.htm"
              },
              {
                "name": "42529",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/42529"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-01-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to obtain sensitive information via certain requests to mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php, which reveals the installation path in an error message."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "ADV-2008-0325",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/0325"
            },
            {
              "name": "mambo-mostlyce-connector-path-disclosure(39983)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39983"
            },
            {
              "name": "20080227 Re: Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2008-02/0444.html"
            },
            {
              "name": "28670",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/28670"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://forum.mambo-foundation.org/showthread.php?t=10158"
            },
            {
              "name": "20080128 Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/487128/100/200/threaded"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.bugreport.ir/index_33.htm"
            },
            {
              "name": "42529",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/42529"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-7212",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to obtain sensitive information via certain requests to mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php, which reveals the installation path in an error message."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ADV-2008-0325",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/0325"
                },
                {
                  "name": "mambo-mostlyce-connector-path-disclosure(39983)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39983"
                },
                {
                  "name": "20080227 Re: Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS",
                  "refsource": "BUGTRAQ",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2008-02/0444.html"
                },
                {
                  "name": "28670",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/28670"
                },
                {
                  "name": "http://forum.mambo-foundation.org/showthread.php?t=10158",
                  "refsource": "CONFIRM",
                  "url": "http://forum.mambo-foundation.org/showthread.php?t=10158"
                },
                {
                  "name": "20080128 Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/487128/100/200/threaded"
                },
                {
                  "name": "http://www.bugreport.ir/index_33.htm",
                  "refsource": "MISC",
                  "url": "http://www.bugreport.ir/index_33.htm"
                },
                {
                  "name": "42529",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/42529"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-7212",
        "datePublished": "2009-09-11T16:00:00.000Z",
        "dateReserved": "2009-09-11T00:00:00.000Z",
        "dateUpdated": "2024-08-07T11:56:14.483Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-2498 (GCVE-0-2008-2498)

    Vulnerability from cvelistv5 – Published: 2008-05-28 15:00 – Updated: 2024-08-07 09:05
    VLAI
    Summary
    Multiple SQL injection vulnerabilities in index.php in Mambo before 4.6.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) articleid and (2) mcname parameters. NOTE: some of these details are obtained from third party information.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2008-05-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T09:05:30.030Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "mambo-index-sql-injection(42644)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42644"
              },
              {
                "name": "ADV-2008-1660",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/1660/references"
              },
              {
                "name": "29373",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/29373"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://forum.mambo-foundation.org/showthread.php?t=11799"
              },
              {
                "name": "30343",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30343"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-05-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple SQL injection vulnerabilities in index.php in Mambo before 4.6.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) articleid and (2) mcname parameters.  NOTE: some of these details are obtained from third party information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-07T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "mambo-index-sql-injection(42644)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42644"
            },
            {
              "name": "ADV-2008-1660",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/1660/references"
            },
            {
              "name": "29373",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/29373"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://forum.mambo-foundation.org/showthread.php?t=11799"
            },
            {
              "name": "30343",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30343"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-2498",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple SQL injection vulnerabilities in index.php in Mambo before 4.6.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) articleid and (2) mcname parameters.  NOTE: some of these details are obtained from third party information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "mambo-index-sql-injection(42644)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42644"
                },
                {
                  "name": "ADV-2008-1660",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/1660/references"
                },
                {
                  "name": "29373",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/29373"
                },
                {
                  "name": "http://forum.mambo-foundation.org/showthread.php?t=11799",
                  "refsource": "CONFIRM",
                  "url": "http://forum.mambo-foundation.org/showthread.php?t=11799"
                },
                {
                  "name": "30343",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30343"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-2498",
        "datePublished": "2008-05-28T15:00:00.000Z",
        "dateReserved": "2008-05-28T00:00:00.000Z",
        "dateUpdated": "2024-08-07T09:05:30.030Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-2497 (GCVE-0-2008-2497)

    Vulnerability from cvelistv5 – Published: 2008-05-28 15:00 – Updated: 2024-08-07 09:05
    VLAI
    Summary
    CRLF injection vulnerability in Mambo before 4.6.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2008-05-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T09:05:29.979Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ADV-2008-1660",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/1660/references"
              },
              {
                "name": "29373",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/29373"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://forum.mambo-foundation.org/showthread.php?t=11799"
              },
              {
                "name": "30343",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/30343"
              },
              {
                "name": "mambo-unspecified-response-splitting(42645)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42645"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-05-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "CRLF injection vulnerability in Mambo before 4.6.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-07T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "ADV-2008-1660",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/1660/references"
            },
            {
              "name": "29373",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/29373"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://forum.mambo-foundation.org/showthread.php?t=11799"
            },
            {
              "name": "30343",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/30343"
            },
            {
              "name": "mambo-unspecified-response-splitting(42645)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42645"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-2497",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "CRLF injection vulnerability in Mambo before 4.6.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ADV-2008-1660",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/1660/references"
                },
                {
                  "name": "29373",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/29373"
                },
                {
                  "name": "http://forum.mambo-foundation.org/showthread.php?t=11799",
                  "refsource": "CONFIRM",
                  "url": "http://forum.mambo-foundation.org/showthread.php?t=11799"
                },
                {
                  "name": "30343",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/30343"
                },
                {
                  "name": "mambo-unspecified-response-splitting(42645)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42645"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-2497",
        "datePublished": "2008-05-28T15:00:00.000Z",
        "dateReserved": "2008-05-28T00:00:00.000Z",
        "dateUpdated": "2024-08-07T09:05:29.979Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-1957 (GCVE-0-2006-1957)

    Vulnerability from cvelistv5 – Published: 2006-04-21 10:00 – Updated: 2024-08-07 17:35
    VLAI
    Summary
    The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows remote attackers to cause a denial of service (disk consumption and possibly web-server outage) via multiple requests with different values of the feed parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2006-04-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T17:35:29.647Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20060419 Re: [KAPDA::#41] - Mambo/Joomla rss component vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2006-04/0380.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.kapda.ir/advisory-313.html"
              },
              {
                "name": "20060418 [KAPDA::#41] - Mambo/Joomla rss component vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/431317/100/0/threaded"
              },
              {
                "name": "mambo-joomla-rss-dos(26131)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26131"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://irannetjob.com/content/view/209/28/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-04-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows remote attackers to cause a denial of service (disk consumption and possibly web-server outage) via multiple requests with different values of the feed parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-18T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20060419 Re: [KAPDA::#41] - Mambo/Joomla rss component vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2006-04/0380.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.kapda.ir/advisory-313.html"
            },
            {
              "name": "20060418 [KAPDA::#41] - Mambo/Joomla rss component vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/431317/100/0/threaded"
            },
            {
              "name": "mambo-joomla-rss-dos(26131)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26131"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://irannetjob.com/content/view/209/28/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-1957",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows remote attackers to cause a denial of service (disk consumption and possibly web-server outage) via multiple requests with different values of the feed parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20060419 Re: [KAPDA::#41] - Mambo/Joomla rss component vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2006-04/0380.html"
                },
                {
                  "name": "http://www.kapda.ir/advisory-313.html",
                  "refsource": "MISC",
                  "url": "http://www.kapda.ir/advisory-313.html"
                },
                {
                  "name": "20060418 [KAPDA::#41] - Mambo/Joomla rss component vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/431317/100/0/threaded"
                },
                {
                  "name": "mambo-joomla-rss-dos(26131)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26131"
                },
                {
                  "name": "http://irannetjob.com/content/view/209/28/",
                  "refsource": "MISC",
                  "url": "http://irannetjob.com/content/view/209/28/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-1957",
        "datePublished": "2006-04-21T10:00:00.000Z",
        "dateReserved": "2006-04-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T17:35:29.647Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }