Vulnerabilities (CVE)

Filtered by vendor Joomla Subscribe
Filtered by product Joomla\!
Total 588 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2011-2891 1 Joomla 1 Joomla\! 2024-11-21 5.0 MEDIUM N/A
Joomla! 1.6.x before 1.6.2 allows remote attackers to obtain sensitive information via an empty Itemid array parameter to index.php, which reveals the installation path in an error message, a different vulnerability than CVE-2011-2488.
CVE-2011-2890 1 Joomla 1 Joomla\! 2024-11-21 5.0 MEDIUM N/A
The MediaViewMedia class in administrator/components/com_media/views/media/view.html.php in Joomla! 1.5.23 and earlier allows remote attackers to obtain sensitive information via vectors involving the base variable, leading to disclosure of the installation path, a different vulnerability than CVE-2011-2488.
CVE-2011-2889 1 Joomla 1 Joomla\! 2024-11-21 5.0 MEDIUM N/A
templates/system/error.php in Joomla! before 1.5.23 might allow remote attackers to obtain sensitive information via unspecified vectors that trigger an undefined value of a certain error field, leading to disclosure of the installation path. NOTE: this might overlap CVE-2011-2488.
CVE-2011-2710 1 Joomla 1 Joomla\! 2024-11-21 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URI to includes/application.php, reachable through index.php; and, when Internet Explorer or Konqueror is used, (2) allow remote attackers to inject arbitrary web script or HTML via the searchword parameter in a search action to index.php in the com_search component. NOTE: vector 2 exists because of an incomplete fix for CVE-2011-2509.5.
CVE-2011-2509 1 Joomla 1 Joomla\! 2024-11-21 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.6.4 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the com_contact component, as demonstrated by the Itemid parameter to index.php; (2) the query string to the com_content component, as demonstrated by the filter_order parameter to index.php; (3) the query string to the com_newsfeeds component, as demonstrated by an arbitrary parameter to index.php; or (4) the option parameter in a reset.request action to index.php; and, when Internet Explorer or Konqueror is used, (5) allow remote attackers to inject arbitrary web script or HTML via the searchword parameter in a search action to index.php in the com_search component.
CVE-2011-2488 1 Joomla 1 Joomla\! 2024-11-21 5.0 MEDIUM N/A
Joomla! before 1.5.23 does not properly check for errors, which allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2011-1151 1 Joomla 1 Joomla\! 2024-11-21 6.4 MEDIUM 9.1 CRITICAL
Joomla! 1.6.0 is vulnerable to SQL Injection via the filter_order and filer_order_Dir parameters.
CVE-2011-0511 2 Joomla, Joomtraders 2 Joomla\!, Com Allcinevid 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in the allCineVid component (com_allcinevid) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
CVE-2011-0005 1 Joomla 2 Com Search, Joomla\! 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the com_search module for Joomla! 1.0.x through 1.0.15 allows remote attackers to inject arbitrary web script or HTML via the ordering parameter to index.php.
CVE-2010-5286 2 Joobi, Joomla 2 Com Jstore, Joomla\! 2024-11-21 10.0 HIGH N/A
Directory traversal vulnerability in Jstore (com_jstore) component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
CVE-2010-5280 2 Joomla, Joomla-cbe 2 Joomla\!, Com Cbe 2024-11-21 7.5 HIGH N/A
Directory traversal vulnerability in the Community Builder Enhanced (CBE) (com_cbe) component 1.4.8, 1.4.9, and 1.4.10 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tabname parameter in a userProfile action to index.php. NOTE: this can be leveraged to execute arbitrary code by using the file upload feature.
CVE-2010-5056 2 Gbu Grafici, Joomla 2 Com Gbufacebook, Joomla\! 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in the GBU Facebook (com_gbufacebook) component 1.0.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the face_id parameter in a show_face action to index.php.
CVE-2010-5053 2 Joomla, Php-shop-system 2 Joomla\!, Com Xobbix 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in the XOBBIX (com_xobbix) component 1.0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the prodid parameter in a prod_desc action to index.php.
CVE-2010-5048 2 Joomla, Joomlatune 2 Joomla\!, Com Jcomments 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in admin.jcomments.php in the JoomlaTune JComments (com_jcomments) component 2.1.0.0 for Joomla! allows remote authenticated users to inject arbitrary web script or HTML via the name parameter to index.php.
CVE-2010-5044 2 Joomla, Kanich 2 Joomla\!, Com Searchlog 2024-11-21 6.0 MEDIUM N/A
SQL injection vulnerability in models/log.php in the Search Log (com_searchlog) component 3.1.0 for Joomla! allows remote authenticated users, with Public Back-end privileges, to execute arbitrary SQL commands via the search parameter in a log action to administrator/index.php. NOTE: some of these details are obtained from third party information.
CVE-2010-5043 2 Blueconstantmedia, Joomla 2 Com Djartgallery, Joomla\! 2024-11-21 6.0 MEDIUM N/A
SQL injection vulnerability in the DJ-ArtGallery (com_djartgallery) component 0.9.1 for Joomla! allows remote authenticated users to execute arbitrary SQL commands via the cid[] parameter in an editItem action to administrator/index.php.
CVE-2010-5042 2 Blueconstantmedia, Joomla 2 Com Djartgallery, Joomla\! 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the DJ-ArtGallery (com_djartgallery) component 0.9.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the cid[] parameter in an editItem action to administrator/index.php. NOTE: some of these details are obtained from third party information.
CVE-2010-5032 2 Joomla, Tamlyncreative 2 Joomla\!, Com Bfquiztrial 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in the BF Quiz (com_bfquiztrial) component before 1.3.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a bfquiztrial action to index.php.
CVE-2010-5028 2 Harmistechnology, Joomla 2 Com Jejob, Joomla\! 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in the JExtensions JE Job (com_jejob) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an item action to index.php.
CVE-2010-5022 2 Harmistechnology, Joomla 2 Com Jesubmit, Joomla\! 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in the JExtensions JE Story Submit (com_jesubmit) component 1.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the view parameter to index.php.