Vulnerabilities (CVE)

Filtered by vendor Joomla Subscribe
Total 935 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-1849 3 Joomla, Joomlacode, Mambo 3 Joomla, Joomlaexplorer, Mambo 2025-04-09 5.0 MEDIUM N/A
Directory traversal vulnerability in index.php in the joomlaXplorer (com_joomlaxplorer) Mambo/Joomla! component 1.6.2 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the dir parameter in a show_error action.
CVE-2009-0378 1 Joomla 2 Com Beamospetition, Joomla 2025-04-09 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in the beamospetition (com_beamospetition) 1.0.12 component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the pet parameter in a sign action.
CVE-2009-4157 2 Joomla, Joomlatune 2 Joomla\!, Com Proofreader 2025-04-09 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in index.php in the ProofReader (com_proofreader) component 1.0 RC9 and earlier for Joomla! allow remote attackers to inject arbitrary web script or HTML via the URI, which is not properly handled in (1) 404 or (2) error pages.
CVE-2009-3669 2 Foobla, Joomla 2 Com Foobla Suggestions, Joomla 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in the foobla Suggestions (com_foobla_suggestions) component 1.5.11 for Joomla! allows remote attackers to execute arbitrary SQL commands via the idea_id parameter to index.php.
CVE-2007-6272 1 Joomla 1 Joomla 2025-04-09 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in index.php in Joomla! 1.5 RC3 allow remote attackers to execute arbitrary SQL commands via (1) the view parameter to the com_content component, (2) the task parameter to the com_search component, or (3) the option parameter in a search action to the com_search component.
CVE-2009-3334 2 Joomla, Lhacky 2 Joomla\!, Com Jinc 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in the Lhacky! Extensions Cave Joomla! Integrated Newsletters Component (aka JINC or com_jinc) component 0.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a messages action to index.php.
CVE-2008-6852 2 Joomla, Markus Donhauser 2 Joomla\!, Ice Gallery Component For Joomla 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in the Ice Gallery (com_ice) component 0.5 beta 2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
CVE-2009-2782 2 Jfusion, Joomla 2 Com Jfusion, Joomla 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in the JFusion (com_jfusion) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.
CVE-2008-5790 2 Joomla, Recly 2 Joomla, Competitions 2025-04-09 7.5 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in the Recly!Competitions (com_competitions) component 1.0 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[mosConfig_absolute_path] parameter to (a) add.php and (b) competitions.php in includes/competitions/, and the (2) mosConfig_absolute_path parameter to (c) includes/settings/settings.php.
CVE-2009-3491 2 Joomla, Kinfusion 2 Joomla\!, Com Sportfusion 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in the Kinfusion SportFusion (com_sportfusion) component 0.2.2 through 0.2.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid[0] parameter in a teamdetail action to index.php.
CVE-2008-3228 1 Joomla 1 Joomla 2025-04-09 7.5 HIGH N/A
Joomla! before 1.5.4 does not configure .htaccess to apply certain security checks that "block common exploits" to SEF URLs, which has unknown impact and remote attack vectors.
CVE-2008-5208 2 Joomla, Mambo 3 Com Datsogallery, Joomla, Mambo 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in sub_votepic.php in the Datsogallery (com_datsogallery) module 1.6 for Joomla! allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header.
CVE-2008-0854 2 Joomla, Mambo 2 Com Salesrep, Com Salesrep 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in the com_salesrep component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the rid parameter in a showrep action to index.php.
CVE-2008-5875 2 Joomla, Joomlahbs 3 Joomla, Com Lowcosthotels, Hotel Booking Reservation System 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in the com_lowcosthotels component in the Hotel Booking Reservation System (aka HBS) for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showhoteldetails action to index.php.
CVE-2008-3225 1 Joomla 1 Joomla 2025-04-09 10.0 HIGH N/A
Joomla! before 1.5.4 allows attackers to access administration functionality, which has unknown impact and attack vectors related to a missing "LDAP security fix."
CVE-2007-4745 2 Joomla, Mambo 2 Akobook, Mambo Site Server 2025-04-09 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the AkoBook 3.42 and earlier component (com_akobook) for Mambo allow remote attackers to inject arbitrary web script or HTML via Javascript events in the (1) gbmail and (2) gbpage parameters in the sign function.
CVE-2009-4217 2 Itamar Elharar, Joomla 2 Com Musicgallery, Joomla\! 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in the Itamar Elharar MusicGallery (com_musicgallery) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an itempage action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-6347 2 Joomla, Luigi Massa 2 Joomla, Onguma Time Sheet 2025-04-09 7.5 HIGH N/A
PHP remote file inclusion vulnerability in lib/onguma.class.php in the Onguma Time Sheet (com_ongumatimesheet20) 2.0 4b component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2008-1935 1 Joomla 1 Joomla 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in the Filiale 1.0.4 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the idFiliale parameter.
CVE-2009-3661 2 Blueconstantmedia, Joomla 2 Com Djcatalog, Joomla 2025-04-09 6.8 MEDIUM N/A
Multiple SQL injection vulnerabilities in the DJ-Catalog (com_djcatalog) component for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a showItem action and (2) cid parameter in a show action to index.php.