Filtered by vendor Joomla
Subscribe
Total
935 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-2692 | 1 Joomla | 1 Com Yvcomment | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in the yvComment (com_yvcomment) component 1.16.0 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the ArticleID parameter in a comment action to index.php. | |||||
CVE-2008-0795 | 3 Joomla, Mambo, Mgfi | 3 Joomla, Mambo, Xfaq | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in the MGFi XfaQ (com_xfaq) 1.2 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an answer action. | |||||
CVE-2008-1427 | 2 Joobi, Joomla | 2 Acajoom, Com Acajoom | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Joobi Acajoom (com_acajoom) 1.1.5 and 1.2.5 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mailingid parameter in a mailing view action to index.php. | |||||
CVE-2008-6299 | 1 Joomla | 1 Joomla | 2025-04-09 | 3.5 LOW | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5.7 and earlier allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) the title and description parameters to the com_weblinks module and (2) unspecified vectors in the com_content module related to "article submission." | |||||
CVE-2008-6653 | 3 Joomla, Mambo, Wh-com | 3 Joomla, Mambo, Com Webhosting | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in webhosting.php in the Webhosting Component (com_webhosting) module before 1.1 RC7 for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. | |||||
CVE-2007-4780 | 1 Joomla | 1 Joomla | 2025-04-09 | 6.8 MEDIUM | N/A |
Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to obtain sensitive information (the full path) via unspecified vectors, probably involving direct requests to certain PHP scripts in tmpl/ directories. | |||||
CVE-2008-2643 | 1 Joomla | 1 Com Biblestudy | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Bible Study (com_biblestudy) component before 6.0.7c for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a mediaplayer action to index.php. | |||||
CVE-2007-5309 | 2 Joomla, Webmaster-tips.net | 2 Joomla, Flash Image Gallery | 2025-04-09 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in admin.wmtgallery.php in the webmaster-tips.net Flash Image Gallery (com_wmtgallery) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter. | |||||
CVE-2009-3357 | 2 Joomla, Joomlahbs | 2 Joomla, Com Hbssearch | 2025-04-09 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in the Hotel Booking Reservation System (aka HBS or com_hbssearch) component for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) h_id, (2) id, and (3) rid parameters to longDesc.php, and the h_id parameter to (4) detail.php, (5) detail1.php, (6) detail2.php, (7) detail3.php, (8) detail4.php, (9) detail5.php, (10) detail6.php, (11) detail7.php, and (12) detail8.php, different vectors than CVE-2008-5865, CVE-2008-5874, and CVE-2008-5875. | |||||
CVE-2009-1499 | 1 Joomla | 2 Com Mailto, Joomla\! | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in the MailTo (aka com_mailto) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the article parameter in index.php. NOTE: SecurityFocus states that this issue has been disputed by the vendor. | |||||
CVE-2008-6481 | 3 Joomla, Joomprod, Mambo-foundation | 3 Joomla, Com Versioning, Mambo | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Versioning component (com_versioning) 1.0.2 in Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit task to index.php. | |||||
CVE-2009-3972 | 2 Joomla, Qproje | 2 Joomla\!, Com Siirler | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Q-Proje Siirler Bileseni (com_siirler) component 1.2 RC for Joomla! allows remote attackers to execute arbitrary SQL commands via the sid parameter in an sdetay action to index.php. | |||||
CVE-2007-4923 | 1 Joomla | 1 Joomla Radio | 2025-04-09 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in admin.joomlaradiov5.php in the Joomla Radio 5 (com_joomlaradiov5) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter. | |||||
CVE-2009-2601 | 2 Joomla, Joomlaequipment | 2 Joomla\!, Juser | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Joomlaequipment (aka JUser or com_juser) component 2.0.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a show_profile action to index.php. | |||||
CVE-2007-4503 | 1 Joomla | 1 Nice Talk | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in the Nice Talk component (com_nicetalk) 0.9.3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the tagid parameter. | |||||
CVE-2008-1533 | 1 Joomla | 1 Joomla | 2025-04-09 | 6.8 MEDIUM | N/A |
Unspecified vulnerability in the XML-RPC Blogger API plugin in Joomla! 1.5 allows remote attackers to perform unauthorized article operations on articles via unknown vectors. | |||||
CVE-2007-4778 | 1 Joomla | 1 Joomla | 2025-04-09 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in the content component (com_content) in Joomla! 1.5 Beta1, Beta2, and RC1 allow remote attackers to execute arbitrary SQL commands via the filter parameter in an archive action to (1) archive.php, (2) category.php, or (3) section.php in models/. NOTE: this may be the same as CVE-2007-4777. | |||||
CVE-2009-4104 | 2 Joomla, Lyften | 2 Joomla\!, Com Lyftenbloggie | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in Lyften Designs LyftenBloggie (com_lyftenbloggie) component 1.0.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the author parameter to index.php. | |||||
CVE-2008-6221 | 2 Dadamailproject, Joomla | 2 Dada Mail Manager, Joomla | 2025-04-09 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in config.dadamail.php in the Dada Mail Manager (com_dadamail) component 2.6 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path] parameter. | |||||
CVE-2008-1540 | 2 Joomla, Mambo | 2 Datsogallery, Datsogallery | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Datsogallery (com_datsogallery) 1.3.1 module for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |