Vulnerabilities (CVE)

Filtered by vendor Joomla Subscribe
Total 920 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-4928 2 Joomla, Photoindochina 2 Joomla\!, Com Restaurantguide 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Restaurant Guide (com_restaurantguide) component 1.0.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML by placing it after a > (greater than) character.
CVE-2010-4927 2 Joomla, Photoindochina 2 Joomla\!, Com Restaurantguide 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in the Restaurant Guide (com_restaurantguide) component 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a country action to index.php.
CVE-2010-4926 2 Joomla, Timetrack 2 Joomla\!, Com Timetrack 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in the TimeTrack (com_timetrack) component 1.2.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the ct_id parameter in a timetrack action to index.php.
CVE-2010-4918 2 Ijoomla, Joomla 2 Com Magazine, Joomla\! 2024-11-21 7.5 HIGH N/A
PHP remote file inclusion vulnerability in iJoomla Magazine (com_magazine) component 3.0.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the config parameter to magazine.functions.php.
CVE-2010-4904 2 Joomla, Simon Philips 2 Joomla\!, Com Aardvertiser 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in the Aardvertiser (com_aardvertiser) component 2.1 and 2.1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat_name parameter in a view action to index.php. NOTE: some of these details are obtained from third party information.
CVE-2010-4902 2 Joomla, Joomla-clantools 2 Joomla\!, Clantools 2024-11-21 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in the Clantools (com_clantools) component 1.2.3 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) squad or (2) showgame parameter to index.php.
CVE-2010-4898 2 Gantry-framework, Joomla 2 Com Gantry, Joomla\! 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in the Gantry (com_gantry) component 3.0.10 for Joomla! allows remote attackers to execute arbitrary SQL commands via the moduleid parameter to index.php.
CVE-2010-4865 2 Harmistechnology, Joomla 2 Com Jeguestbook, Joomla\! 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in the JE Guestbook (com_jeguestbook) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the d_itemid parameter in an item_detail action to index.php.
CVE-2010-4864 2 Danieljamesscott, Joomla 2 Com Clubmanager, Joomla\! 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in the Club Manager (com_clubmanager) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cm_id parameter in an equip presenta action to index.php.
CVE-2010-4862 2 Harmistechnology, Joomla 2 Com Jedirectory, Joomla\! 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in the JExtensions JE Directory (com_jedirectory) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an item action to index.php.
CVE-2010-4853 2 Chillcreations, Joomla 2 Com Ccinvoices, Joomla\! 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in the ccInvoices (com_ccinvoices) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewInv action to index.php.
CVE-2010-4838 2 Extensiondepot, Joomla 2 Com Jsupport, Joomla\! 2024-11-21 6.0 MEDIUM N/A
SQL injection vulnerability in the JSupport (com_jsupport) component 1.5.6 for Joomla! allows remote authenticated users, with Public Back-end permissions, to execute arbitrary SQL commands via the alpha parameter in a (1) listTickets or (2) listFaqs action to administrator/index.php.
CVE-2010-4837 2 Extensiondepot, Joomla 2 Com Jsupport, Joomla\! 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the JSupport (com_jsupport) component 1.5.6 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the subject parameter (title field) in a saveTicket action to index2.php. NOTE: some of these details are obtained from third party information.
CVE-2010-4795 2 Joomla, Joomlaseller 2 Joomla\!, Com Jscalendar 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in the JS Calendar (com_jscalendar) component 1.5.1 and 1.5.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the ev_id parameter in a details action to index.php. NOTE: some of these details are obtained from third party information.
CVE-2010-4794 2 Joomla, Joomlaseller 2 Joomla\!, Com Jscalendar 2024-11-21 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the JoomlaSeller JS Calendar (com_jscalendar) component 1.5.1 and 1.5.4 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) month and (2) year parameters in a jscalendar action to index.php. NOTE: some of these details are obtained from third party information.
CVE-2010-4769 2 Janguo, Joomla 2 Com Jimtawl, Joomla\! 2024-11-21 7.5 HIGH N/A
Directory traversal vulnerability in the Jimtawl (com_jimtawl) component 1.0.2 Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the task parameter to index.php.
CVE-2010-4739 2 Aretimes, Joomla 2 Com Maianmedia, Joomla\! 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in the Maian Media Silver (com_maianmedia) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a music action to index.php.
CVE-2010-4720 2 Harmistechnology, Joomla 2 Com Jeauto, Joomla\! 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in the JExtensions JE Auto (com_jeauto) component before 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to the view item page.
CVE-2010-4719 2 Fxwebdesign, Joomla 2 Com Jradio, Joomla\! 2024-11-21 7.5 HIGH N/A
Directory traversal vulnerability in JRadio (com_jradio) component before 1.5.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.
CVE-2010-4718 2 Joomla, Lyften 2 Joomla\!, Com Lyftenbloggie 2024-11-21 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Lyftenbloggie (com_lyftenbloggie) component 1.1.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) tag and (2) category parameters to index.php.