Show filters
5 Total Results
Displaying 1-5 of 5
Sort by:
Attacker Value
Unknown

CVE-2011-2499

Disclosure Date: February 12, 2020 (last updated February 21, 2025)
Mambo CMS through 4.6.5 has multiple XSS.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2013-2565

Disclosure Date: February 15, 2019 (last updated November 27, 2024)
A vulnerability in Mambo CMS v4.6.5 where the scripts thumbs.php, editorFrame.php, editor.php, images.php, manager.php discloses the root path of the webserver.
0
0
Attacker Value
Unknown

CVE-2013-2563

Disclosure Date: June 09, 2014 (last updated October 05, 2023)
Mambo CMS 4.6.5 uses world-readable permissions on configuration.php, which allows local users to obtain the admin password hash by reading the file.
0
0
Attacker Value
Unknown

CVE-2013-2564

Disclosure Date: June 09, 2014 (last updated October 05, 2023)
Mambo CMS 4.6.5 allows remote attackers to cause a denial of service (memory and bandwidth consumption) by uploading a crafted file.
0
0
Attacker Value
Unknown

CVE-2013-2562

Disclosure Date: June 09, 2014 (last updated October 05, 2023)
Mambo CMS 4.6.5 stores the MySQL database password in cleartext in the document root, which allows local users to obtain sensitive information via unspecified vectors.
0
0