| CVE-2016-9838 | high | 7.5 | 8.5 | EXP | | joomla | 10y ago | An issue was discovered in components/com_users/models/registration.php in Joomla! before 3.6.5. Incorrect filtering of registration form data stored to the session on a validation error enables a us… |
| CVE-2016-8870 | high | 8.1 | 9.1 | EXP | | joomla | 10y ago | The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create … |
| CVE-2015-8566 | high | — | 8.5 | EXP | | joomla | 11y ago | Joomla! Framework Remote Code Injection Vulnerability |
| CVE-2015-8562 | high | — | 8.5 | EXP | | joomla | 11y ago | Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in Dece… |
| CVE-2015-7858 | high | — | 8.5 | EXP | | joomla | 11y ago | SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7297. |
| CVE-2015-7857 | high | — | 8.5 | EXP | | joomla | 11y ago | SQL injection vulnerability in the getListQuery function in administrator/components/com_contenthistory/models/history.php in Joomla! 3.2 before 3.4.5 allows remote attackers to execute arbitrary SQL… |
| CVE-2015-7297 | high | — | 8.5 | EXP | | joomla | 11y ago | SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7858. |
| CVE-2014-7228 | high | — | 8.5 | EXP | | joomla | 12y ago | Akeeba Restore (restore.php), as used in Joomla! 2.5.4 through 2.5.25, 3.x through 3.2.5, and 3.3.0 through 3.3.4; Akeeba Backup for Joomla! Professional 3.0.0 through 4.0.2; Backup Professional for … |
| CVE-2014-7981 | high | — | 8.5 | EXP | | joomla | 12y ago | SQL injection vulnerability in Joomla! CMS 3.1.x and 3.2.x before 3.2.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2014-0793 | medium | — | 5.3 | EXP | | stackideas, joomla | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in the StackIdeas Komento (com_komento) component before 1.7.3 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1… |
| CVE-2014-0794 | medium | — | 5.3 | EXP | | joomla | 13y ago | SQL injection vulnerability in the JV Comment (com_jvcomment) component before 3.0.3 for Joomla! allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a comment.… |
| CVE-2013-5576 | medium | — | 7.8 | EXP | | joomla | 13y ago | administrator/components/com_media/helpers/media.php in the media manager in Joomla! 2.5.x before 2.5.14 and 3.x before 3.1.5 allows remote authenticated users or remote attackers to bypass intended … |
| CVE-2013-3242 | medium | — | 6.5 | EXP | | joomla | 13y ago | plugins/system/remember/remember.php in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 does not properly handle an object obtained by unserializing a cookie, which allows remote authenticated use… |
| CVE-2013-1453 | high | — | 8.5 | EXP | | joomla | 14y ago | plugins/system/highlight/highlight.php in Joomla! 3.0.x through 3.0.2 and 2.5.x through 2.5.8 allows attackers to unserialize arbitrary PHP objects to obtain sensitive information, delete arbitrary d… |
| CVE-2010-5280 | high | — | 8.5 | EXP | | joomla-cbe, joomla | 14y ago | Directory traversal vulnerability in the Community Builder Enhanced (CBE) (com_cbe) component 1.4.8, 1.4.9, and 1.4.10 for Joomla! allows remote attackers to include and execute arbitrary local files… |
| CVE-2011-4909 | medium | — | 5.3 | EXP | | joomla | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.5.12 allow remote attackers to inject arbitrary web script or HTML via the HTTP_REFERER header to (1) components/com_content/vi… |
| CVE-2012-1116 | high | — | 8.5 | EXP | | joomla | 14y ago | SQL injection vulnerability in Joomla! 1.7.x and 2.5.x before 2.5.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2006-7247 | high | — | 8.5 | EXP | | joomla, mambo-foundation | 14y ago | SQL injection vulnerability in the Weblinks (com_weblinks) component for Joomla! and Mambo 1.0.9 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter. |
| CVE-2011-5148 | medium | — | 7.8 | EXP | | wasen, joomla | 14y ago | Multiple incomplete blacklist vulnerabilities in the Simple File Upload (mod_simplefileuploadv1.3) module before 1.3.5 for Joomla! allow remote attackers to execute arbitrary code by uploading a file… |
| CVE-2011-5113 | high | — | 8.5 | EXP | | techdeluge, joomla | 14y ago | SQL injection vulnerability in frontend/models/techfoliodetail.php in Techfolio (com_techfolio) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid param… |
| CVE-2011-5112 | high | — | 8.5 | EXP | | blueflyingfish, joomla | 14y ago | SQL injection vulnerability in Alameda (com_alameda) component before 1.0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the storeid parameter to index.php. |
| CVE-2011-5099 | high | — | 8.5 | EXP | | chillcreations, joomla | 14y ago | SQL injection vulnerability in helper/popup.php in the ccNewsletter (mod_ccnewsletter) component 1.0.7 through 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id p… |
| CVE-2012-1018 | medium | — | 5.3 | EXP | | dmackmedia, joomla | 15y ago | Cross-site scripting (XSS) vulnerability in includes/convert.php in D-Mack Media Currency Converter (mod_currencyconverter) module 1.0.0 for Joomla! allows remote attackers to inject arbitrary web sc… |
| CVE-2011-4829 | high | — | 8.5 | EXP | | barter-sites, joomla | 15y ago | SQL injection vulnerability in the com_listing component in Barter Sites component 1.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter to index.php. |
| CVE-2011-4823 | high | — | 8.5 | EXP | | extensionsforjoomla, joomla | 15y ago | Multiple SQL injection vulnerabilities in Vik Real Estate (com_vikrealestate) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) contract parameter in a re… |
| CVE-2011-4809 | medium | — | 5.3 | EXP | | joomlaextensions, joomla | 15y ago | Multiple cross-site scripting (XSS) vulnerabilities in the HM Community (com_hmcommunity) component before 1.01 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) l… |
| CVE-2011-4808 | high | — | 8.5 | EXP | | joomlaextensions, joomla | 15y ago | SQL injection vulnerability in the HM Community (com_hmcommunity) component before 1.01 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a fnd_home action… |
| CVE-2011-4804 | medium | — | 6.0 | EXP | | foobla, joomla | 15y ago | Directory traversal vulnerability in the obSuggest (com_obsuggest) component before 1.8 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to i… |
| CVE-2011-4571 | high | — | 8.5 | EXP | | eaimproved, joomla | 15y ago | SQL injection vulnerability in the Estate Agent (com_estateagent) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showEO action to index.php. |
| CVE-2011-4570 | high | — | 8.5 | EXP | | takeaweb, joomla | 15y ago | SQL injection vulnerability in the Time Returns (com_timereturns) component 2.0 and possibly earlier versions for Joomla! allows remote attackers to execute arbitrary SQL commands via the id paramete… |
| CVE-2010-5056 | high | — | 8.5 | EXP | | gbu_grafici, joomla | 15y ago | SQL injection vulnerability in the GBU Facebook (com_gbufacebook) component 1.0.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the face_id parameter in a show_face action… |
| CVE-2010-5053 | high | — | 8.5 | EXP | | php-shop-system, joomla | 15y ago | SQL injection vulnerability in the XOBBIX (com_xobbix) component 1.0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the prodid parameter in a prod_desc action to index.ph… |
| CVE-2010-5048 | medium | — | 5.3 | EXP | | joomlatune, joomla | 15y ago | Cross-site scripting (XSS) vulnerability in admin.jcomments.php in the JoomlaTune JComments (com_jcomments) component 2.1.0.0 for Joomla! allows remote authenticated users to inject arbitrary web scr… |
| CVE-2010-5044 | medium | — | 7.0 | EXP | | kanich, joomla | 15y ago | SQL injection vulnerability in models/log.php in the Search Log (com_searchlog) component 3.1.0 for Joomla! allows remote authenticated users, with Public Back-end privileges, to execute arbitrary SQ… |
| CVE-2010-5043 | medium | — | 7.0 | EXP | | blueconstantmedia, joomla | 15y ago | SQL injection vulnerability in the DJ-ArtGallery (com_djartgallery) component 0.9.1 for Joomla! allows remote authenticated users to execute arbitrary SQL commands via the cid[] parameter in an editI… |
| CVE-2010-5042 | medium | — | 5.3 | EXP | | blueconstantmedia, joomla | 15y ago | Cross-site scripting (XSS) vulnerability in the DJ-ArtGallery (com_djartgallery) component 0.9.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the cid[] parameter in … |
| CVE-2010-5032 | high | — | 8.5 | EXP | | tamlyncreative, joomla | 15y ago | SQL injection vulnerability in the BF Quiz (com_bfquiztrial) component before 1.3.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a bfquiztrial acti… |
| CVE-2010-5028 | high | — | 8.5 | EXP | | harmistechnology, joomla | 15y ago | SQL injection vulnerability in the JExtensions JE Job (com_jejob) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an item action to inde… |
| CVE-2010-5022 | high | — | 8.5 | EXP | | harmistechnology, joomla | 15y ago | SQL injection vulnerability in the JExtensions JE Story Submit (com_jesubmit) component 1.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the view parameter to index.php. |
| CVE-2010-4971 | medium | — | 5.3 | EXP | | videowhisper, joomla | 15y ago | Cross-site scripting (XSS) vulnerability in VideoWhisper PHP 2 Way Video Chat component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the r parameter to index.php. |
| CVE-2010-5003 | high | — | 8.5 | EXP | | autartica, joomla | 15y ago | SQL injection vulnerability in the AutarTimonial (com_autartimonial) component 1.0.8 for Joomla! allows remote attackers to execute arbitrary SQL commands via the limit parameter in an autartimonial … |
| CVE-2010-4995 | high | — | 8.5 | EXP | | neojoomla, joomla | 15y ago | SQL injection vulnerability in the NeoRecruit (com_neorecruit) component 1.6.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in an offer_view action t… |
| CVE-2010-4993 | high | — | 8.5 | EXP | | kay_messerschmidt, joomla | 15y ago | SQL injection vulnerability in the eventcal (com_eventcal) component 1.6.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php. |
| CVE-2010-4992 | high | — | 8.5 | EXP | | paymentsplus, joomla | 15y ago | SQL injection vulnerability in the Payments Plus component 2.1.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the type parameter to add.html. |
| CVE-2010-4991 | high | — | 8.5 | EXP | | ninjaforge, joomla | 15y ago | SQL injection vulnerability in the NinjaMonials (com_ninjamonials) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a display action to inde… |
| CVE-2010-4990 | high | — | 8.5 | EXP | | b-elektro, joomla | 15y ago | SQL injection vulnerability in the Front-edit Address Book (com_addressbook) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a contact acti… |
| CVE-2010-4977 | high | — | 8.5 | EXP | | miniwork, joomla | 15y ago | SQL injection vulnerability in menu.php in the Canteen (com_canteen) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the mealid parameter to index.php. |
| CVE-2010-4975 | high | — | 8.5 | EXP | | techjoomla, joomla | 15y ago | SQL injection vulnerability in the Techjoomla SocialAds For JomSocial (com_socialads) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the ads description field in … |
| CVE-2010-4968 | high | — | 8.5 | EXP | | webmaster-tips, joomla | 15y ago | SQL injection vulnerability in the webmaster-tips.net Flash Gallery (com_wmtpic) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.… |
| CVE-2010-4949 | medium | — | 5.3 | EXP | | evnix, joomla | 15y ago | Cross-site scripting (XSS) vulnerability in the (1) FreiChat component before 2.1.2 for Joomla! and the (2) FreiChatPure component before 1.2.2 for Joomla! allows remote attackers to inject arbitrary… |
| CVE-2010-4945 | high | — | 8.5 | EXP | | joomla | 15y ago | SQL injection vulnerability in the CamelcityDB (com_camelcitydb2) component 2.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. |
| CVE-2010-4944 | high | — | 8.5 | EXP | | joomla, mambo-foundation | 15y ago | SQL injection vulnerability in the Elite Experts (com_elite_experts) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showExpertProf… |
| CVE-2010-4941 | high | — | 8.5 | EXP | | joomlamo, joomla | 15y ago | SQL injection vulnerability in the Teams (com_teams) component 1_1028_100809_1711 for Joomla! allows remote attackers to execute arbitrary SQL commands via the PlayerID parameter in a player save act… |
| CVE-2010-4938 | high | — | 8.5 | EXP | | joomla | 15y ago | SQL injection vulnerability in the Weblinks (com_weblinks) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a categories action to index.php.… |
| CVE-2010-4937 | high | — | 8.5 | EXP | | robitbt, joomla | 15y ago | Multiple SQL injection vulnerabilities in the Amblog (com_amblog) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) articleid or (2) catid parameter to in… |
| CVE-2010-4929 | high | — | 8.5 | EXP | | joostina-cms, joomla | 15y ago | SQL injection vulnerability in the Joostina (com_ezautos) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the firstCode parameter in a helpers action to index.php. |
| CVE-2010-4928 | medium | — | 5.3 | EXP | | photoindochina, joomla | 15y ago | Cross-site scripting (XSS) vulnerability in the Restaurant Guide (com_restaurantguide) component 1.0.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML by placing it after a… |
| CVE-2010-4927 | high | — | 8.5 | EXP | | photoindochina, joomla | 15y ago | SQL injection vulnerability in the Restaurant Guide (com_restaurantguide) component 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a country actio… |
| CVE-2010-4926 | high | — | 8.5 | EXP | | timetrack, joomla | 15y ago | SQL injection vulnerability in the TimeTrack (com_timetrack) component 1.2.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the ct_id parameter in a timetrack action to ind… |
| CVE-2010-4918 | high | — | 8.5 | EXP | | ijoomla, joomla | 15y ago | PHP remote file inclusion vulnerability in iJoomla Magazine (com_magazine) component 3.0.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the config parameter to magaz… |
| CVE-2010-4904 | high | — | 8.5 | EXP | | simon_philips, joomla | 15y ago | SQL injection vulnerability in the Aardvertiser (com_aardvertiser) component 2.1 and 2.1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat_name parameter in a view a… |
| CVE-2010-4902 | high | — | 8.5 | EXP | | joomla-clantools, joomla | 15y ago | Multiple SQL injection vulnerabilities in the Clantools (com_clantools) component 1.2.3 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) squad or (2) showgame paramete… |
| CVE-2010-4898 | high | — | 8.5 | EXP | | gantry-framework, joomla | 15y ago | SQL injection vulnerability in the Gantry (com_gantry) component 3.0.10 for Joomla! allows remote attackers to execute arbitrary SQL commands via the moduleid parameter to index.php. |
| CVE-2010-4865 | high | — | 8.5 | EXP | | harmistechnology, joomla | 15y ago | SQL injection vulnerability in the JE Guestbook (com_jeguestbook) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the d_itemid parameter in an item_detail acti… |
| CVE-2010-4864 | high | — | 8.5 | EXP | | danieljamesscott, joomla | 15y ago | SQL injection vulnerability in the Club Manager (com_clubmanager) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cm_id parameter in an equip presenta action t… |
| CVE-2010-4862 | high | — | 8.5 | EXP | | harmistechnology, joomla | 15y ago | SQL injection vulnerability in the JExtensions JE Directory (com_jedirectory) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an item ac… |
| CVE-2010-4853 | high | — | 8.5 | EXP | | chillcreations, joomla | 15y ago | SQL injection vulnerability in the ccInvoices (com_ccinvoices) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewInv action to index.php. |
| CVE-2010-4838 | medium | — | 7.0 | EXP | | extensiondepot, joomla | 15y ago | SQL injection vulnerability in the JSupport (com_jsupport) component 1.5.6 for Joomla! allows remote authenticated users, with Public Back-end permissions, to execute arbitrary SQL commands via the a… |
| CVE-2010-4837 | medium | — | 5.3 | EXP | | extensiondepot, joomla | 15y ago | Cross-site scripting (XSS) vulnerability in the JSupport (com_jsupport) component 1.5.6 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the subject parameter (title fie… |
| CVE-2010-4795 | high | — | 8.5 | EXP | | joomlaseller, joomla | 15y ago | SQL injection vulnerability in the JS Calendar (com_jscalendar) component 1.5.1 and 1.5.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the ev_id parameter in a details ac… |
| CVE-2010-4794 | medium | — | 5.3 | EXP | | joomlaseller, joomla | 15y ago | Multiple cross-site scripting (XSS) vulnerabilities in the JoomlaSeller JS Calendar (com_jscalendar) component 1.5.1 and 1.5.4 for Joomla! allow remote attackers to inject arbitrary web script or HTM… |
| CVE-2010-4769 | high | — | 8.5 | EXP | | janguo, joomla | 15y ago | Directory traversal vulnerability in the Jimtawl (com_jimtawl) component 1.0.2 Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in… |
| CVE-2010-4719 | high | — | 8.5 | EXP | | fxwebdesign, joomla | 16y ago | Directory traversal vulnerability in JRadio (com_jradio) component before 1.5.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller paramet… |
| CVE-2011-0511 | high | — | 8.5 | EXP | | joomtraders, joomla | 16y ago | SQL injection vulnerability in the allCineVid component (com_allcinevid) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. |
| CVE-2011-0005 | medium | — | 5.3 | EXP | | joomla | 16y ago | Cross-site scripting (XSS) vulnerability in the com_search module for Joomla! 1.0.x through 1.0.15 allows remote attackers to inject arbitrary web script or HTML via the ordering parameter to index.p… |
| CVE-2010-4638 | medium | — | 7.8 | EXP | | iptechinside, joomla | 16y ago | SQL injection vulnerability in the submitSurvey function in controller.php in JQuarks4s (com_jquarks4s) component 1.0.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to exec… |
| CVE-2010-4617 | medium | — | 7.8 | EXP | | kanich, joomla | 16y ago | Directory traversal vulnerability in the JotLoader (com_jotloader) component 2.2.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the section paramet… |
| CVE-2010-4517 | medium | — | 7.8 | EXP | | harmistechnology, joomla | 16y ago | SQL injection vulnerability in the JExtensions JE Auto (com_jeauto) component 1.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cha… |
| CVE-2010-4365 | high | — | 8.5 | EXP | | harmistechnology, joomla | 16y ago | SQL injection vulnerability in JE Ajax Event Calendar (com_jeajaxeventcalendar) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the event_id parameter in an alleve… |
| CVE-2010-4272 | high | — | 8.5 | EXP | | pulseinfotech, joomla | 16y ago | SQL injection vulnerability in the Pulse Infotech Sponsor Wall (com_sponsorwall) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.p… |
| CVE-2010-4268 | high | — | 8.5 | EXP | | pulseinfotech, joomla | 16y ago | SQL injection vulnerability in the Pulse Infotech Flip Wall (com_flipwall) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. |
| CVE-2010-3426 | high | — | 8.5 | EXP | | 4you-studio, joomla | 16y ago | Directory traversal vulnerability in jphone.php in the JPhone (com_jphone) component 1.0 Alpha 3 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in… |
| CVE-2010-3422 | high | — | 8.5 | EXP | | solventus, joomla | 16y ago | SQL injection vulnerability in the JGen (com_jgen) component 0.9.33 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php. |
| CVE-2010-3211 | high | — | 8.5 | EXP | | jextn, joomla | 16y ago | Multiple SQL injection vulnerabilities in the JE FAQ Pro (com_jefaqpro) component 1.5.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via category categorylist operations with … |
| CVE-2010-3203 | medium | — | 6.0 | EXP | | xmlswf, joomla | 16y ago | Directory traversal vulnerability in the PicSell (com_picsell) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dflink parameter in a prevsell dwnfr… |
| CVE-2010-2923 | high | — | 8.5 | EXP | | prasanna, joomla | 16y ago | SQL injection vulnerability in the YouTube (com_youtube) component 1.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id_cate parameter to index.php. |
| CVE-2010-2921 | high | — | 8.5 | EXP | | photoindochina, joomla | 16y ago | SQL injection vulnerability in the Golf Course Guide (com_golfcourseguide) component 0.9.6.0 beta and 1 beta for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter… |
| CVE-2010-2920 | medium | — | 7.8 | EXP | | foobla, joomla | 16y ago | Directory traversal vulnerability in the Foobla Suggestions (com_foobla_suggestions) component 1.5.1.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in… |
| CVE-2010-2919 | high | — | 8.5 | EXP | | joomlaxt, joomla | 16y ago | SQL injection vulnerability in the StaticXT (com_staticxt) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. |
| CVE-2010-2918 | high | — | 8.5 | EXP | | visocrea, joomla | 16y ago | PHP remote file inclusion vulnerability in core/include/myMailer.class.php in the Visites (com_joomla-visites) component 1.1 RC2 for Joomla! allows remote attackers to execute arbitrary PHP code via … |
| CVE-2010-2910 | high | — | 8.5 | EXP | | joomla, alexred | 16y ago | SQL injection vulnerability in the Ozio Gallery (com_oziogallery) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php. |
| CVE-2010-2909 | high | — | 8.5 | EXP | | toughtomato, joomla | 16y ago | SQL injection vulnerability in ttvideo.php in the TTVideo (com_ttvideo) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in a video action to … |
| CVE-2010-2908 | high | — | 8.5 | EXP | | joomdle, joomla | 16y ago | SQL injection vulnerability in the Joomdle (com_joomdle) component 0.24 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the course_id parameter in a detail actio… |
| CVE-2010-2907 | high | — | 8.5 | EXP | | huruhelpdesk, joomla | 16y ago | SQL injection vulnerability in the Huru Helpdesk (com_huruhelpdesk) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid[0] parameter in a detail action to inde… |
| CVE-2010-2848 | medium | — | 6.0 | EXP | | gonzalo_maser, joomla | 16y ago | Directory traversal vulnerability in assets/captcha/includes/alikon/playcode.php in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allows remote attackers to read arbitrary… |
| CVE-2010-2847 | high | — | 8.5 | EXP | | gonzalo_maser, joomla | 16y ago | Multiple SQL injection vulnerabilities in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allow remote attackers to execute arbitrary SQL commands via the viewform parameter… |
| CVE-2010-2846 | medium | — | 5.3 | EXP | | gonzalo_maser, joomla | 16y ago | Cross-site scripting (XSS) vulnerability in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the afmsg para… |
| CVE-2010-2845 | high | — | 8.5 | EXP | | schlu.net, joomla | 16y ago | SQL injection vulnerability in the QuickFAQ (com_quickfaq) component 1.0.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a category action to index… |
| CVE-2010-2694 | high | — | 8.5 | EXP | | redcomponent, joomla | 16y ago | SQL injection vulnerability in the redSHOP Component (com_redshop) 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter to index.php. |
| CVE-2010-2690 | high | — | 8.5 | EXP | | jooforge, joomla | 16y ago | SQL injection vulnerability in the JOOFORGE Gamesbox (com_gamesbox) component 1.0.2, and possibly earlier, for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter i… |