Filtered by vendor Joomla
Subscribe
Total
920 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-2609 | 2 Amotools, Joomla | 2 Com Amocourse, Joomla | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the amoCourse (com_amocourse) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action to index.php. | |||||
CVE-2008-2632 | 1 Joomla | 2 Com Acctexp, Joomla | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the acctexp (com_acctexp) component 0.12.x and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the usage parameter in a subscribe action to index.php. | |||||
CVE-2009-2395 | 2 Joomla, Joomlaworks | 2 Joomla\!, Com K2 | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the K2 (com_k2) component 1.0.1 Beta and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the category parameter in an itemlist action to index.php. | |||||
CVE-2008-1559 | 2 Bernard Gilly, Joomla | 2 Com Alphacontent, Joomla\! | 2024-02-28 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in the Bernard Gilly AlphaContent (com_alphacontent) 2.5.8 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php. | |||||
CVE-2008-1459 | 4 Joomla, Joomlaitalia, Mambo and 1 more | 4 Joomla, Com Alberghi, Mambo and 1 more | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Alberghi (com_alberghi) 2.1.3 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. | |||||
CVE-2008-2892 | 2 Feellove, Joomla | 2 Exp Shop Component, Com Expshop | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the EXP Shop (com_expshop) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a show_payment action to index.php. | |||||
CVE-2008-6923 | 1 Joomla | 2 Com Content, Joomla | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the content component (com_content) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a blogcategory action to index.php. | |||||
CVE-2008-4122 | 1 Joomla | 1 Joomla\! | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Joomla! 1.5.8 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | |||||
CVE-2009-3368 | 2 Joomla, Joomlahbs | 2 Joomla\!, Com Hbssearch | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Hotel Booking Reservation System (aka HBS or com_hbssearch) component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the adult parameter in a showhoteldetails action to index.php. | |||||
CVE-2009-1258 | 2 Joomla, Rd-media | 2 Joomla, Com Rdautos | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the RD-Autos (com_rdautos) component 1.5.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the makeid parameter in index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2008-5789 | 2 Joomla, Recly | 2 Joomla, Interactive Feederator | 2024-02-28 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in the Recly Interactive Feederator (com_feederator) component 1.0.5 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) mosConfig_absolute_path parameter to (a) add_tmsp.php, (b) edit_tmsp.php and (c) tmsp.php in includes/tmsp/; and the (2) GLOBALS[mosConfig_absolute_path] parameter to (d) includes/tmsp/subscription.php. | |||||
CVE-2008-2701 | 1 Joomla | 1 Com Gameq | 2024-02-28 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in the GameQ (com_gameq) component 4.0 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter in a page action to index.php. | |||||
CVE-2008-4764 | 2 Extplorer, Joomla | 2 Com Extplorer, Joomla\! | 2024-02-28 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in the eXtplorer module (com_extplorer) 2.0.0 RC2 and earlier in Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter in a show_error action. | |||||
CVE-2009-3342 | 2 Alphaplug, Joomla | 2 Com Alphauserpoints, Joomla\! | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in frontend/assets/ajax/checkusername.php in the AlphaUserPoints (com_alphauserpoints) component 1.5.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the username2points parameter. | |||||
CVE-2008-4103 | 1 Joomla | 2 Com Mailto, Joomla | 2024-02-28 | 5.0 MEDIUM | N/A |
The mailto (aka com_mailto) component in Joomla! 1.5 before 1.5.7 sends e-mail messages without validating the URL, which allows remote attackers to transmit spam. | |||||
CVE-2008-5494 | 2 Digitalgreys, Joomla | 2 Com Contactinfo, Joomla | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Contact Information Module (com_contactinfo) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. | |||||
CVE-2009-0726 | 3 Gigcalendar, Joomla, Mambo | 3 Com Gigcalendar, Joomla, Mambo | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the gigcal_gigs_id parameter in a details action to index.php. | |||||
CVE-2008-6184 | 2 Joomla, Medialab-karlsruhe | 2 Joomla, Ownbiblio | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the OwnBiblio (com_ownbiblio) component 1.5.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a catalogue action to index.php. | |||||
CVE-2008-3083 | 2 Brightcode, Joomla | 2 Brightcode Weblinks Module, Com Brightweblinks | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in Brightcode Weblinks (com_brightweblinks) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||||
CVE-2009-3063 | 2 Indianpulses, Joomla | 2 Com Gameserver, Joomla | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Game Server (com_gameserver) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a gamepanel action to index.php. |