Vulnerabilities (CVE)

Filtered by vendor Joomla Subscribe
Total 925 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-3228 1 Joomla 1 Joomla 2025-04-09 7.5 HIGH N/A
Joomla! before 1.5.4 does not configure .htaccess to apply certain security checks that "block common exploits" to SEF URLs, which has unknown impact and remote attack vectors.
CVE-2008-5208 2 Joomla, Mambo 3 Com Datsogallery, Joomla, Mambo 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in sub_votepic.php in the Datsogallery (com_datsogallery) module 1.6 for Joomla! allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header.
CVE-2008-0854 2 Joomla, Mambo 2 Com Salesrep, Com Salesrep 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in the com_salesrep component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the rid parameter in a showrep action to index.php.
CVE-2008-5875 2 Joomla, Joomlahbs 3 Joomla, Com Lowcosthotels, Hotel Booking Reservation System 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in the com_lowcosthotels component in the Hotel Booking Reservation System (aka HBS) for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showhoteldetails action to index.php.
CVE-2008-3225 1 Joomla 1 Joomla 2025-04-09 10.0 HIGH N/A
Joomla! before 1.5.4 allows attackers to access administration functionality, which has unknown impact and attack vectors related to a missing "LDAP security fix."
CVE-2007-4745 2 Joomla, Mambo 2 Akobook, Mambo Site Server 2025-04-09 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the AkoBook 3.42 and earlier component (com_akobook) for Mambo allow remote attackers to inject arbitrary web script or HTML via Javascript events in the (1) gbmail and (2) gbpage parameters in the sign function.
CVE-2009-4217 2 Itamar Elharar, Joomla 2 Com Musicgallery, Joomla\! 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in the Itamar Elharar MusicGallery (com_musicgallery) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an itempage action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-6347 2 Joomla, Luigi Massa 2 Joomla, Onguma Time Sheet 2025-04-09 7.5 HIGH N/A
PHP remote file inclusion vulnerability in lib/onguma.class.php in the Onguma Time Sheet (com_ongumatimesheet20) 2.0 4b component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2008-1935 1 Joomla 1 Joomla 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in the Filiale 1.0.4 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the idFiliale parameter.
CVE-2009-3661 2 Blueconstantmedia, Joomla 2 Com Djcatalog, Joomla 2025-04-09 6.8 MEDIUM N/A
Multiple SQL injection vulnerabilities in the DJ-Catalog (com_djcatalog) component for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a showItem action and (2) cid parameter in a show action to index.php.
CVE-2009-2102 2 Com Jumi, Joomla 2 Com Jumi, Joomla 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in the Jumi (com_jumi) component 2.0.3 and possibly other versions for Joomla allows remote attackers to execute arbitrary SQL commands via the fileid parameter to index.php.
CVE-2007-3249 1 Joomla 1 Letterman Subscriber 2025-04-09 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in mod_lettermansubscribe.php in the Letterman Subscriber (mod_letterman) before 1.2.5 module for Joomla! allows remote attackers to inject arbitrary web script or HTML via the Itemid parameter.
CVE-2008-1460 3 Joomla, Joomlapixel, Mambo 3 Joomla, Com Joovideo, Mambo 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in the Joovideo (com_joovideo) 1.0 and 1.2.2 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
CVE-2008-3498 2 Joomla, Netshinesoftware 2 Joomla\!, Com Netinvoice 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in the nBill (com_netinvoice) component 1.2.0 SP1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in an orders action to index.php. NOTE: some of these details are obtained from third party information.
CVE-2008-4104 1 Joomla 1 Joomla 2025-04-09 5.8 MEDIUM N/A
Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a "passed in" URL.
CVE-2008-4102 1 Joomla 1 Joomla 2025-04-09 7.5 HIGH N/A
Joomla! 1.5 before 1.5.7 initializes PHP's PRNG with a weak seed, which makes it easier for attackers to guess the pseudo-random values produced by PHP's mt_rand function, as demonstrated by guessing password reset tokens, a different vulnerability than CVE-2008-3681.
CVE-2008-6116 2 Extrosoft, Joomla 2 Com Thyme, Joomla 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in the EXtrovert Software Thyme (com_thyme) 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the event parameter to index.php.
CVE-2008-0815 2 Egitimhost, Joomla 2 Com Mezun, Com Mezun 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in the com_mezun component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit task.
CVE-2008-2990 2 Joomla, Mambo 3 Com Facileforms, Joomla, Com Facileforms 2025-04-09 7.5 HIGH N/A
PHP remote file inclusion vulnerability in facileforms.frame.php in the FacileForms (com_facileforms) component 1.4.4 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the ff_compath parameter.
CVE-2006-6833 1 Joomla 1 Joomla 2025-04-09 7.5 HIGH N/A
com_categories in Joomla! before 1.0.12 does not validate input, which has unknown impact and remote attack vectors.