| CVE-2026-48901 | high | 7.5 | 7.5 | | | joomla | 8d ago | The InputFilter::getInstance() method omitted a security sensitive parameter from the instance cache key. |
| CVE-2026-48896 | high | 7.5 | 7.5 | | | joomla | 9d ago | Insufficient state checks lead to a vector that allows to bypass 2FA checks. |
| CVE-2026-40384 | high | 7.5 | 7.5 | | | joomla | 9d ago | An improper validation of the search parameter of the com_media files API endpoint leads to a path traversal vulnerability. |
| CVE-2026-48897 | high | 7.5 | 7.5 | | | joomla | 9d ago | Insufficient state checks lead to a vector that allows to bypass 2FA checks. |
| CVE-2017-14595 | low | 3.7 | 3.7 | | | joomla | 9y ago | In Joomla! before 3.8.0, a logic bug in a SQL query could lead to the disclosure of article intro texts when these articles are in the archived state. |
| CVE-2017-11364 | high | 8.8 | 8.8 | | | joomla | 9y ago | The CMS installer in Joomla! before 3.7.4 does not verify a user's ownership of a webspace, which allows remote authenticated users to gain control of the target application by leveraging Certificate… |
| CVE-2017-9933 | high | 7.5 | 7.5 | | | joomla | 9y ago | Improper cache invalidation in Joomla! CMS 1.7.3 through 3.7.2 leads to disclosure of form contents. |
| CVE-2016-9838 | high | 7.5 | 8.5 | EXP | | joomla | 10y ago | An issue was discovered in components/com_users/models/registration.php in Joomla! before 3.6.5. Incorrect filtering of registration form data stored to the session on a validation error enables a us… |
| CVE-2016-9837 | high | 7.5 | 7.5 | | | joomla | 10y ago | An issue was discovered in templates/beez3/html/com_content/article/default.php in Joomla! before 3.6.5. Inadequate permissions checks in the Beez3 layout override of the com_content article view all… |
| CVE-2016-8870 | high | 8.1 | 9.1 | EXP | | joomla | 10y ago | The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create … |
| CVE-2015-8769 | high | 7.3 | 7.3 | | | joomla | 11y ago | SQL injection vulnerability in Joomla! 3.x before 3.4.7 allows attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2015-8566 | high | — | 8.5 | EXP | | joomla | 11y ago | Joomla! Framework Remote Code Injection Vulnerability |
| CVE-2015-8565 | high | — | 7.5 | | | joomla | 11y ago | Directory traversal vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via unknown vectors. |
| CVE-2015-8564 | high | — | 7.5 | | | joomla | 11y ago | Directory traversal vulnerability in Joomla! 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via directory traversal sequences in the XML install file in an extension package ar… |
| CVE-2015-8562 | high | — | 8.5 | EXP | | joomla | 11y ago | Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in Dece… |
| CVE-2015-7858 | high | — | 8.5 | EXP | | joomla | 11y ago | SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7297. |
| CVE-2015-7857 | high | — | 8.5 | EXP | | joomla | 11y ago | SQL injection vulnerability in the getListQuery function in administrator/components/com_contenthistory/models/history.php in Joomla! 3.2 before 3.4.5 allows remote attackers to execute arbitrary SQL… |
| CVE-2015-7297 | high | — | 8.5 | EXP | | joomla | 11y ago | SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7858. |
| CVE-2015-4654 | high | — | 7.5 | | | joomla | 11y ago | SQL injection vulnerability in the EQ Event Calendar component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to eqfullevent. |
| CVE-2014-7228 | high | — | 8.5 | EXP | | joomla | 12y ago | Akeeba Restore (restore.php), as used in Joomla! 2.5.4 through 2.5.25, 3.x through 3.2.5, and 3.3.0 through 3.3.4; Akeeba Backup for Joomla! Professional 3.0.0 through 4.0.2; Backup Professional for … |
| CVE-2014-7984 | high | — | 7.5 | | | joomla | 12y ago | Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote attackers to authenticate and bypass intended restrictions via vectors involving GMail authentication. |
| CVE-2014-7981 | high | — | 8.5 | EXP | | joomla | 12y ago | SQL injection vulnerability in Joomla! CMS 3.1.x and 3.2.x before 3.2.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2014-6632 | high | — | 7.5 | | | joomla | 12y ago | Joomla! 2.5.x before 2.5.25, 3.x before 3.2.4, and 3.3.x before 3.3.4 allows remote attackers to authenticate and bypass intended access restrictions via vectors involving LDAP authentication. |
| CVE-2013-1453 | high | — | 8.5 | EXP | | joomla | 14y ago | plugins/system/highlight/highlight.php in Joomla! 3.0.x through 3.0.2 and 2.5.x through 2.5.8 allows attackers to unserialize arbitrary PHP objects to obtain sensitive information, delete arbitrary d… |
| CVE-2012-1598 | high | — | 7.5 | | | joomla | 14y ago | Joomla! 1.5.x before 1.5.26 has unspecified impact and attack vectors related to "insufficient randomness" and a "password reset vulnerability." |
| CVE-2010-5280 | high | — | 8.5 | EXP | | joomla-cbejoomla | 14y ago | Directory traversal vulnerability in the Community Builder Enhanced (CBE) (com_cbe) component 1.4.8, 1.4.9, and 1.4.10 for Joomla! allows remote attackers to include and execute arbitrary local files… |
| CVE-2012-5230 | high | — | 7.5 | | | harmistechnologyjoomla | 14y ago | Unspecified vulnerability in the JE Story Submit (com_jesubmit) component before 1.9 for Joomla! has unknown impact and attack vectors. |
| CVE-2012-1116 | high | — | 8.5 | EXP | | joomla | 14y ago | SQL injection vulnerability in Joomla! 1.7.x and 2.5.x before 2.5.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2012-5101 | high | — | 7.5 | | | jextensionsjoomla | 14y ago | SQL injection vulnerability in the JExtensions JE Poll component before 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2006-7247 | high | — | 8.5 | EXP | | joomlamambo-foundation | 14y ago | SQL injection vulnerability in the Weblinks (com_weblinks) component for Joomla! and Mambo 1.0.9 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter. |
| CVE-2012-4868 | high | — | 7.5 | | | kunenajoomla | 14y ago | SQL injection vulnerability in news.php in the Kunena component 1.7.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2011-5113 | high | — | 8.5 | EXP | | techdelugejoomla | 14y ago | SQL injection vulnerability in frontend/models/techfoliodetail.php in Techfolio (com_techfolio) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid param… |
| CVE-2011-5112 | high | — | 8.5 | EXP | | blueflyingfishjoomla | 14y ago | SQL injection vulnerability in Alameda (com_alameda) component before 1.0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the storeid parameter to index.php. |
| CVE-2011-5099 | high | — | 8.5 | EXP | | chillcreationsjoomla | 14y ago | SQL injection vulnerability in helper/popup.php in the ccNewsletter (mod_ccnewsletter) component 1.0.7 through 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id p… |
| CVE-2012-3554 | high | — | 7.5 | | | rsgallery2joomla | 14y ago | SQL injection vulnerability in the RSGallery2 (com_rsgallery2) component before 2.3.0 for Joomla! 1.5.x, and before 3.2.0 for Joomla! 2.5.x, allows remote attackers to execute arbitrary SQL commands … |
| CVE-2012-2747 | high | — | 7.5 | | | joomla | 14y ago | Unspecified vulnerability in Joomla! 2.5.x before 2.5.5 allows remote attackers to gain privileges via unknown attack vectors related to "Inadequate checking." |
| CVE-2011-4830 | low | — | 4.5 | EXP | | barter-sitesjoomla | 15y ago | Multiple cross-site scripting (XSS) vulnerabilities in the com_listing component in Barter Sites component 1.3 for Joomla! allow remote authenticated users to inject arbitrary web script or HTML via … |
| CVE-2011-4829 | high | — | 8.5 | EXP | | barter-sitesjoomla | 15y ago | SQL injection vulnerability in the com_listing component in Barter Sites component 1.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter to index.php. |
| CVE-2011-4823 | high | — | 8.5 | EXP | | extensionsforjoomlajoomla | 15y ago | Multiple SQL injection vulnerabilities in Vik Real Estate (com_vikrealestate) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) contract parameter in a re… |
| CVE-2011-4808 | high | — | 8.5 | EXP | | joomlaextensionsjoomla | 15y ago | SQL injection vulnerability in the HM Community (com_hmcommunity) component before 1.01 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a fnd_home action… |
| CVE-2011-4571 | high | — | 8.5 | EXP | | eaimprovedjoomla | 15y ago | SQL injection vulnerability in the Estate Agent (com_estateagent) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showEO action to index.php. |
| CVE-2011-4570 | high | — | 8.5 | EXP | | takeawebjoomla | 15y ago | SQL injection vulnerability in the Time Returns (com_timereturns) component 2.0 and possibly earlier versions for Joomla! allows remote attackers to execute arbitrary SQL commands via the id paramete… |
| CVE-2010-5056 | high | — | 8.5 | EXP | | gbu_graficijoomla | 15y ago | SQL injection vulnerability in the GBU Facebook (com_gbufacebook) component 1.0.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the face_id parameter in a show_face action… |
| CVE-2010-5053 | high | — | 8.5 | EXP | | php-shop-systemjoomla | 15y ago | SQL injection vulnerability in the XOBBIX (com_xobbix) component 1.0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the prodid parameter in a prod_desc action to index.ph… |
| CVE-2010-5032 | high | — | 8.5 | EXP | | tamlyncreativejoomla | 15y ago | SQL injection vulnerability in the BF Quiz (com_bfquiztrial) component before 1.3.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a bfquiztrial acti… |
| CVE-2010-5028 | high | — | 8.5 | EXP | | harmistechnologyjoomla | 15y ago | SQL injection vulnerability in the JExtensions JE Job (com_jejob) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an item action to inde… |
| CVE-2010-5022 | high | — | 8.5 | EXP | | harmistechnologyjoomla | 15y ago | SQL injection vulnerability in the JExtensions JE Story Submit (com_jesubmit) component 1.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the view parameter to index.php. |
| CVE-2010-5003 | high | — | 8.5 | EXP | | autarticajoomla | 15y ago | SQL injection vulnerability in the AutarTimonial (com_autartimonial) component 1.0.8 for Joomla! allows remote attackers to execute arbitrary SQL commands via the limit parameter in an autartimonial … |
| CVE-2010-4995 | high | — | 8.5 | EXP | | neojoomlajoomla | 15y ago | SQL injection vulnerability in the NeoRecruit (com_neorecruit) component 1.6.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in an offer_view action t… |
| CVE-2010-4994 | high | — | 7.5 | | | instantphpjoomla | 15y ago | SQL injection vulnerability in the Jobs Pro component 1.6.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the detailed_results parameter to search_jobs.html. |
| CVE-2010-4993 | high | — | 8.5 | EXP | | kay_messerschmidtjoomla | 15y ago | SQL injection vulnerability in the eventcal (com_eventcal) component 1.6.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php. |
| CVE-2010-4992 | high | — | 8.5 | EXP | | paymentsplusjoomla | 15y ago | SQL injection vulnerability in the Payments Plus component 2.1.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the type parameter to add.html. |
| CVE-2010-4991 | high | — | 8.5 | EXP | | ninjaforgejoomla | 15y ago | SQL injection vulnerability in the NinjaMonials (com_ninjamonials) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a display action to inde… |
| CVE-2010-4990 | high | — | 8.5 | EXP | | b-elektrojoomla | 15y ago | SQL injection vulnerability in the Front-edit Address Book (com_addressbook) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a contact acti… |
| CVE-2010-4977 | high | — | 8.5 | EXP | | miniworkjoomla | 15y ago | SQL injection vulnerability in menu.php in the Canteen (com_canteen) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the mealid parameter to index.php. |
| CVE-2010-4975 | high | — | 8.5 | EXP | | techjoomlajoomla | 15y ago | SQL injection vulnerability in the Techjoomla SocialAds For JomSocial (com_socialads) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the ads description field in … |
| CVE-2010-4968 | high | — | 8.5 | EXP | | webmaster-tipsjoomla | 15y ago | SQL injection vulnerability in the webmaster-tips.net Flash Gallery (com_wmtpic) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.… |
| CVE-2010-4945 | high | — | 8.5 | EXP | | joomla | 15y ago | SQL injection vulnerability in the CamelcityDB (com_camelcitydb2) component 2.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. |
| CVE-2010-4944 | high | — | 8.5 | EXP | | joomlamambo-foundation | 15y ago | SQL injection vulnerability in the Elite Experts (com_elite_experts) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showExpertProf… |
| CVE-2010-4941 | high | — | 8.5 | EXP | | joomlamojoomla | 15y ago | SQL injection vulnerability in the Teams (com_teams) component 1_1028_100809_1711 for Joomla! allows remote attackers to execute arbitrary SQL commands via the PlayerID parameter in a player save act… |
| CVE-2010-4938 | high | — | 8.5 | EXP | | joomla | 15y ago | SQL injection vulnerability in the Weblinks (com_weblinks) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a categories action to index.php.… |
| CVE-2010-4937 | high | — | 8.5 | EXP | | robitbtjoomla | 15y ago | Multiple SQL injection vulnerabilities in the Amblog (com_amblog) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) articleid or (2) catid parameter to in… |
| CVE-2010-4936 | high | — | 7.5 | | | webmaster-tipsjoomla | 15y ago | SQL injection vulnerability in the Slide Show (com_slideshow) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. |
| CVE-2010-4929 | high | — | 8.5 | EXP | | joostina-cmsjoomla | 15y ago | SQL injection vulnerability in the Joostina (com_ezautos) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the firstCode parameter in a helpers action to index.php. |
| CVE-2010-4927 | high | — | 8.5 | EXP | | photoindochinajoomla | 15y ago | SQL injection vulnerability in the Restaurant Guide (com_restaurantguide) component 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a country actio… |
| CVE-2010-4926 | high | — | 8.5 | EXP | | timetrackjoomla | 15y ago | SQL injection vulnerability in the TimeTrack (com_timetrack) component 1.2.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the ct_id parameter in a timetrack action to ind… |
| CVE-2010-4918 | high | — | 8.5 | EXP | | ijoomlajoomla | 15y ago | PHP remote file inclusion vulnerability in iJoomla Magazine (com_magazine) component 3.0.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the config parameter to magaz… |
| CVE-2010-4904 | high | — | 8.5 | EXP | | simon_philipsjoomla | 15y ago | SQL injection vulnerability in the Aardvertiser (com_aardvertiser) component 2.1 and 2.1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat_name parameter in a view a… |
| CVE-2010-4902 | high | — | 8.5 | EXP | | joomla-clantoolsjoomla | 15y ago | Multiple SQL injection vulnerabilities in the Clantools (com_clantools) component 1.2.3 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) squad or (2) showgame paramete… |
| CVE-2010-4898 | high | — | 8.5 | EXP | | gantry-frameworkjoomla | 15y ago | SQL injection vulnerability in the Gantry (com_gantry) component 3.0.10 for Joomla! allows remote attackers to execute arbitrary SQL commands via the moduleid parameter to index.php. |
| CVE-2010-4865 | high | — | 8.5 | EXP | | harmistechnologyjoomla | 15y ago | SQL injection vulnerability in the JE Guestbook (com_jeguestbook) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the d_itemid parameter in an item_detail acti… |
| CVE-2010-4864 | high | — | 8.5 | EXP | | danieljamesscottjoomla | 15y ago | SQL injection vulnerability in the Club Manager (com_clubmanager) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cm_id parameter in an equip presenta action t… |
| CVE-2010-4862 | high | — | 8.5 | EXP | | harmistechnologyjoomla | 15y ago | SQL injection vulnerability in the JExtensions JE Directory (com_jedirectory) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an item ac… |
| CVE-2010-4853 | high | — | 8.5 | EXP | | chillcreationsjoomla | 15y ago | SQL injection vulnerability in the ccInvoices (com_ccinvoices) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewInv action to index.php. |
| CVE-2008-7302 | high | — | 7.5 | | | netshinesoftwarejoomla | 15y ago | SQL injection vulnerability in netinvoice.php in the nBill (com_netinvoice) component 1.2.0 SP1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving… |
| CVE-2010-4795 | high | — | 8.5 | EXP | | joomlasellerjoomla | 15y ago | SQL injection vulnerability in the JS Calendar (com_jscalendar) component 1.5.1 and 1.5.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the ev_id parameter in a details ac… |
| CVE-2010-4769 | high | — | 8.5 | EXP | | janguojoomla | 15y ago | Directory traversal vulnerability in the Jimtawl (com_jimtawl) component 1.0.2 Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in… |
| CVE-2010-4739 | high | — | 7.5 | | | aretimesjoomla | 16y ago | SQL injection vulnerability in the Maian Media Silver (com_maianmedia) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a music action to index… |
| CVE-2010-4720 | high | — | 7.5 | | | harmistechnologyjoomla | 16y ago | SQL injection vulnerability in the JExtensions JE Auto (com_jeauto) component before 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to the v… |
| CVE-2010-4719 | high | — | 8.5 | EXP | | fxwebdesignjoomla | 16y ago | Directory traversal vulnerability in JRadio (com_jradio) component before 1.5.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller paramet… |
| CVE-2011-0511 | high | — | 8.5 | EXP | | joomtradersjoomla | 16y ago | SQL injection vulnerability in the allCineVid component (com_allcinevid) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. |
| CVE-2010-4702 | high | — | 7.5 | | | fxwebdesignjoomla | 16y ago | SQL injection vulnerability in JRadio (com_jradio) component before 1.5.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-4696 | high | — | 7.5 | | | joomla | 16y ago | Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 allow remote attackers to execute arbitrary SQL commands via the (1) filter_order or (2) filter_order_Dir parameter in a com_cont… |
| CVE-2010-4166 | high | — | 7.5 | | | joomla | 16y ago | Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 allow remote attackers to execute arbitrary SQL commands via (1) the filter_order parameter in a com_weblinks category action to … |
| CVE-2010-4404 | high | — | 7.5 | | | anything-digitaljoomla | 16y ago | SQL injection vulnerability in the Yannick Gaultier sh404SEF component before 2.1.8.777 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-4365 | high | — | 8.5 | EXP | | harmistechnologyjoomla | 16y ago | SQL injection vulnerability in JE Ajax Event Calendar (com_jeajaxeventcalendar) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the event_id parameter in an alleve… |
| CVE-2010-4272 | high | — | 8.5 | EXP | | pulseinfotechjoomla | 16y ago | SQL injection vulnerability in the Pulse Infotech Sponsor Wall (com_sponsorwall) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.p… |
| CVE-2010-4268 | high | — | 8.5 | EXP | | pulseinfotechjoomla | 16y ago | SQL injection vulnerability in the Pulse Infotech Flip Wall (com_flipwall) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. |
| CVE-2010-2535 | low | — | 3.5 | | | joomla | 16y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Back End in Joomla! 1.5.x before 1.5.20 allow remote authenticated users to inject arbitrary web script or HTML via administrator screens. |
| CVE-2010-3426 | high | — | 8.5 | EXP | | 4you-studiojoomla | 16y ago | Directory traversal vulnerability in jphone.php in the JPhone (com_jphone) component 1.0 Alpha 3 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in… |
| CVE-2010-3422 | high | — | 8.5 | EXP | | solventusjoomla | 16y ago | SQL injection vulnerability in the JGen (com_jgen) component 0.9.33 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php. |
| CVE-2010-3211 | high | — | 8.5 | EXP | | jextnjoomla | 16y ago | Multiple SQL injection vulnerabilities in the JE FAQ Pro (com_jefaqpro) component 1.5.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via category categorylist operations with … |
| CVE-2010-3028 | low | — | 3.6 | | | simon_philipsjoomla | 16y ago | The Aardvertiser component before 2.2.1 for Joomla! uses insecure permissions (777) in unspecified folders, which allows local users to modify, create, or delete certain files. |
| CVE-2010-2923 | high | — | 8.5 | EXP | | prasannajoomla | 16y ago | SQL injection vulnerability in the YouTube (com_youtube) component 1.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id_cate parameter to index.php. |
| CVE-2010-2921 | high | — | 8.5 | EXP | | photoindochinajoomla | 16y ago | SQL injection vulnerability in the Golf Course Guide (com_golfcourseguide) component 0.9.6.0 beta and 1 beta for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter… |
| CVE-2010-2919 | high | — | 8.5 | EXP | | joomlaxtjoomla | 16y ago | SQL injection vulnerability in the StaticXT (com_staticxt) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. |
| CVE-2010-2918 | high | — | 8.5 | EXP | | visocreajoomla | 16y ago | PHP remote file inclusion vulnerability in core/include/myMailer.class.php in the Visites (com_joomla-visites) component 1.1 RC2 for Joomla! allows remote attackers to execute arbitrary PHP code via … |
| CVE-2010-2910 | high | — | 8.5 | EXP | | joomlaalexred | 16y ago | SQL injection vulnerability in the Ozio Gallery (com_oziogallery) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php. |
| CVE-2010-2909 | high | — | 8.5 | EXP | | toughtomatojoomla | 16y ago | SQL injection vulnerability in ttvideo.php in the TTVideo (com_ttvideo) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in a video action to … |
| CVE-2010-2908 | high | — | 8.5 | EXP | | joomdlejoomla | 16y ago | SQL injection vulnerability in the Joomdle (com_joomdle) component 0.24 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the course_id parameter in a detail actio… |