Vulnerabilities (CVE)

Filtered by vendor Joomla Subscribe
Total 935 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-6166 2 Jmds, Joomla 2 Com Kbase, Joomla 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in the KBase (com_kbase) 1.2 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an article action to index.php.
CVE-2009-4598 2 Corephp, Joomla 2 Com Jphoto, Joomla 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in the JPhoto (com_jphoto) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a category action to index.php.
CVE-2008-1559 2 Bernard Gilly, Joomla 2 Com Alphacontent, Joomla\! 2025-04-09 6.8 MEDIUM N/A
SQL injection vulnerability in the Bernard Gilly AlphaContent (com_alphacontent) 2.5.8 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.
CVE-2009-2015 2 Ideal, Joomla 2 Com Moofaq, Joomla 2025-04-09 7.5 HIGH N/A
Directory traversal vulnerability in includes/file_includer.php in the Ideal MooFAQ (com_moofaq) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
CVE-2009-0377 1 Joomla 2 Com Beamospetition, Joomla 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in the beamospetition (com_beamospetition) 1.0.12 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mpid parameter in a sign action to index.php, a different vector than CVE-2008-3132.
CVE-2009-2100 2 Joomla, Joomlapraise 2 Joomla, Com Projectfork 2025-04-09 5.0 MEDIUM N/A
Directory traversal vulnerability in the JoomlaPraise Projectfork (com_projectfork) component 2.0.10 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the section parameter to index.php.
CVE-2008-0832 2 Joomla, Mambo 2 Kemas Antonius Com Quran, Kemas Antonius Com Quran 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in index.php in the Kemas Antonius com_quran 1.1 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the surano parameter in a viewayat action.
CVE-2009-4579 2 Joomla, Mambo-foundation 3 Com Artistavenue, Joomla\!, Mambo 2025-04-09 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Artist avenue (com_artistavenue) component for Joomla! and Mambo allows remote attackers to inject arbitrary web script or HTML via the Itemid parameter to index.php.
CVE-2009-3215 2 Joomla, Php-shop-system 2 Joomla, Ixxo Cart 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in IXXO Cart Standalone before 3.9.6.1, and the IXXO Cart component for Joomla! 1.0.x, allows remote attackers to execute arbitrary SQL commands via the parent parameter.
CVE-2008-5200 2 Joomla, Mambo 3 Com Xewebtv, Joomla, Mambo 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in the Xe webtv (com_xewebtv) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
CVE-2008-0689 1 Joomla 1 Com Marketplace 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in index.php in the Marketplace (com_marketplace) 1.1.1 and 1.1.1-pl1 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a show_category action.
CVE-2007-5457 2 Joomla, Michael Dempfle 2 Joomla, Joomla Flash Uploader 2025-04-09 6.8 MEDIUM N/A
Multiple PHP remote file inclusion vulnerabilities in Michael Dempfle Joomla Flash Uploader (com_jfu or com_joomla_flash_uploader) 2.5.1 component for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) install.joomla_flash_uploader.php and (2) uninstall.joomla_flash_uploader.php.
CVE-2009-0379 1 Joomla 2 Com Pcchess, Joomla 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in the Prince Clan Chess Club (com_pcchess) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the game_id parameter in a showgame action to index.php, a different vector than CVE-2008-0761.
CVE-2009-3945 1 Joomla 1 Joomla\! 2025-04-09 5.5 MEDIUM N/A
Unspecified vulnerability in the Front-End Editor in the com_content component in Joomla! before 1.5.15 allows remote authenticated users, with Author privileges, to replace the articles of an arbitrary user via unknown vectors.
CVE-2008-5811 1 Joomla 2 Com Paxgallery, Joomla 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in the PaxGallery (com_paxgallery) component 0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gid parameter in a table action to index.php.
CVE-2008-5865 2 Joomla, Joomlahbs 2 Joomla, Hotel Booking Reservation System 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in the com_hbssearch component 1.0 in the Hotel Booking Reservation System (aka HBS) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the r_type parameter in a showhoteldetails action to index.php.
CVE-2009-3368 2 Joomla, Joomlahbs 2 Joomla\!, Com Hbssearch 2025-04-09 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Hotel Booking Reservation System (aka HBS or com_hbssearch) component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the adult parameter in a showhoteldetails action to index.php.
CVE-2007-5310 2 Joomla, Webmaster-tips.net 2 Joomla, Flash Image Gallery 2025-04-09 6.8 MEDIUM N/A
PHP remote file inclusion vulnerability in admin.wmtportfolio.php in the webmaster-tips.net wmtportfolio 1.0 (com_wmtportfolio) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2006-4995 1 Joomla 1 Bsq Sitestats 2025-04-09 7.5 HIGH N/A
PHP remote file inclusion vulnerability in BSQ Sitestats (bsq_sitestats) before 2.1.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2008-6883 2 Joomla, Joompolitan 2 Joomla, Com Livechat 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in the Live Chat (com_livechat) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the last parameter to getChatRoom.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.