Filtered by vendor Joomla
Subscribe
Total
935 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-1849 | 3 Joomla, Joomlacode, Mambo | 3 Joomla, Joomlaexplorer, Mambo | 2025-04-09 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in index.php in the joomlaXplorer (com_joomlaxplorer) Mambo/Joomla! component 1.6.2 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the dir parameter in a show_error action. | |||||
CVE-2009-0378 | 1 Joomla | 2 Com Beamospetition, Joomla | 2025-04-09 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.php in the beamospetition (com_beamospetition) 1.0.12 component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the pet parameter in a sign action. | |||||
CVE-2009-4157 | 2 Joomla, Joomlatune | 2 Joomla\!, Com Proofreader | 2025-04-09 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in index.php in the ProofReader (com_proofreader) component 1.0 RC9 and earlier for Joomla! allow remote attackers to inject arbitrary web script or HTML via the URI, which is not properly handled in (1) 404 or (2) error pages. | |||||
CVE-2009-3669 | 2 Foobla, Joomla | 2 Com Foobla Suggestions, Joomla | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in the foobla Suggestions (com_foobla_suggestions) component 1.5.11 for Joomla! allows remote attackers to execute arbitrary SQL commands via the idea_id parameter to index.php. | |||||
CVE-2007-6272 | 1 Joomla | 1 Joomla | 2025-04-09 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in index.php in Joomla! 1.5 RC3 allow remote attackers to execute arbitrary SQL commands via (1) the view parameter to the com_content component, (2) the task parameter to the com_search component, or (3) the option parameter in a search action to the com_search component. | |||||
CVE-2009-3334 | 2 Joomla, Lhacky | 2 Joomla\!, Com Jinc | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Lhacky! Extensions Cave Joomla! Integrated Newsletters Component (aka JINC or com_jinc) component 0.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a messages action to index.php. | |||||
CVE-2008-6852 | 2 Joomla, Markus Donhauser | 2 Joomla\!, Ice Gallery Component For Joomla | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Ice Gallery (com_ice) component 0.5 beta 2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. | |||||
CVE-2009-2782 | 2 Jfusion, Joomla | 2 Com Jfusion, Joomla | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in the JFusion (com_jfusion) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php. | |||||
CVE-2008-5790 | 2 Joomla, Recly | 2 Joomla, Competitions | 2025-04-09 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in the Recly!Competitions (com_competitions) component 1.0 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[mosConfig_absolute_path] parameter to (a) add.php and (b) competitions.php in includes/competitions/, and the (2) mosConfig_absolute_path parameter to (c) includes/settings/settings.php. | |||||
CVE-2009-3491 | 2 Joomla, Kinfusion | 2 Joomla\!, Com Sportfusion | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Kinfusion SportFusion (com_sportfusion) component 0.2.2 through 0.2.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid[0] parameter in a teamdetail action to index.php. | |||||
CVE-2008-3228 | 1 Joomla | 1 Joomla | 2025-04-09 | 7.5 HIGH | N/A |
Joomla! before 1.5.4 does not configure .htaccess to apply certain security checks that "block common exploits" to SEF URLs, which has unknown impact and remote attack vectors. | |||||
CVE-2008-5208 | 2 Joomla, Mambo | 3 Com Datsogallery, Joomla, Mambo | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in sub_votepic.php in the Datsogallery (com_datsogallery) module 1.6 for Joomla! allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header. | |||||
CVE-2008-0854 | 2 Joomla, Mambo | 2 Com Salesrep, Com Salesrep | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in the com_salesrep component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the rid parameter in a showrep action to index.php. | |||||
CVE-2008-5875 | 2 Joomla, Joomlahbs | 3 Joomla, Com Lowcosthotels, Hotel Booking Reservation System | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in the com_lowcosthotels component in the Hotel Booking Reservation System (aka HBS) for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showhoteldetails action to index.php. | |||||
CVE-2008-3225 | 1 Joomla | 1 Joomla | 2025-04-09 | 10.0 HIGH | N/A |
Joomla! before 1.5.4 allows attackers to access administration functionality, which has unknown impact and attack vectors related to a missing "LDAP security fix." | |||||
CVE-2007-4745 | 2 Joomla, Mambo | 2 Akobook, Mambo Site Server | 2025-04-09 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the AkoBook 3.42 and earlier component (com_akobook) for Mambo allow remote attackers to inject arbitrary web script or HTML via Javascript events in the (1) gbmail and (2) gbpage parameters in the sign function. | |||||
CVE-2009-4217 | 2 Itamar Elharar, Joomla | 2 Com Musicgallery, Joomla\! | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Itamar Elharar MusicGallery (com_musicgallery) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an itempage action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2008-6347 | 2 Joomla, Luigi Massa | 2 Joomla, Onguma Time Sheet | 2025-04-09 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in lib/onguma.class.php in the Onguma Time Sheet (com_ongumatimesheet20) 2.0 4b component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
CVE-2008-1935 | 1 Joomla | 1 Joomla | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Filiale 1.0.4 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the idFiliale parameter. | |||||
CVE-2009-3661 | 2 Blueconstantmedia, Joomla | 2 Com Djcatalog, Joomla | 2025-04-09 | 6.8 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in the DJ-Catalog (com_djcatalog) component for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a showItem action and (2) cid parameter in a show action to index.php. |