Vulnerabilities (CVE)

Filtered by vendor Joomla Subscribe
Filtered by product Joomla
Total 215 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-2637 2 Joomla, Ordasoft 2 Joomla, Com Booklibrary 2024-11-21 7.5 HIGH N/A
PHP remote file inclusion vulnerability in toolbar_ext.php in the BookLibrary (com_booklibrary) component 1.5.2.4 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2009-2635 2 Joomla, Ordasoft 2 Joomla, Com Realestatemanager 2024-11-21 7.5 HIGH N/A
PHP remote file inclusion vulnerability in toolbar_ext.php in the RealEstateManager (com_realestatemanager) component 1.0 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2009-2634 2 Joomla, Ordasoft 2 Joomla, Com Medialibrary 2024-11-21 7.5 HIGH N/A
PHP remote file inclusion vulnerability in toolbar_ext.php in the MediaLibrary (com_media_library) component 1.5.3 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2009-2633 2 Joomla, Ordasoft 2 Joomla, Com Vehiclemanager 2024-11-21 7.5 HIGH N/A
PHP remote file inclusion vulnerability in toolbar_ext.php in the VehicleManager (com_vehiclemanager) component 1.0 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2009-2609 2 Amotools, Joomla 2 Com Amocourse, Joomla 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in the amoCourse (com_amocourse) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action to index.php.
CVE-2009-2607 2 Joomla, Pinme 2 Joomla, Com Pinboard 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in the com_pinboard component for Joomla! allows remote attackers to execute arbitrary SQL commands via the task parameter in a showpic action to index.php.
CVE-2009-2554 2 Joomla, Olle Johansson 2 Joomla, Jobline 2024-11-21 6.8 MEDIUM N/A
SQL injection vulnerability in the search method in jobline.class.php in Jobline (com_jobline) 1.1.2.2, 1.3.1, and possibly earlier versions, a component for Joomla!, allows remote attackers to execute arbitrary SQL commands via the search parameter in a results action to index.php, which invokes the search method from the searchJobPostings function in jobline.php.
CVE-2009-2400 2 Fijiwebdesign, Joomla 2 Com Php, Joomla 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in the PHP (com_php) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
CVE-2009-2390 2 F-cimag-in, Joomla 2 Com Bookflip, Joomla 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in the BookFlip (com_bookflip) component 2.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the book_id parameter to index.php.
CVE-2009-2239 1 Joomla 4 Com Casiino Blackjack, Com Casino Videopoker, Com Casinobase and 1 more 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in the (1) casinobase (com_casinobase), (2) casino_blackjack (com_casino_blackjack), and (3) casino_videopoker (com_casino_videopoker) components 0.3.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.
CVE-2009-2102 2 Com Jumi, Joomla 2 Com Jumi, Joomla 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in the Jumi (com_jumi) component 2.0.3 and possibly other versions for Joomla allows remote attackers to execute arbitrary SQL commands via the fileid parameter to index.php.
CVE-2009-2100 2 Joomla, Joomlapraise 2 Joomla, Com Projectfork 2024-11-21 5.0 MEDIUM N/A
Directory traversal vulnerability in the JoomlaPraise Projectfork (com_projectfork) component 2.0.10 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the section parameter to index.php.
CVE-2009-2099 2 Ijoomla, Joomla 2 Com Rssfeeder, Joomla 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in the iJoomla RSS Feeder (com_ijoomla_rss) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in an xml action to index.php.
CVE-2009-2015 2 Ideal, Joomla 2 Com Moofaq, Joomla 2024-11-21 7.5 HIGH N/A
Directory traversal vulnerability in includes/file_includer.php in the Ideal MooFAQ (com_moofaq) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
CVE-2009-2014 1 Joomla 2 Com School, Joomla 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in the ComSchool (com_school) component 1.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the classid parameter in a showclass action to index.php.
CVE-2009-1940 1 Joomla 1 Joomla 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the administrator panel in the com_users core component for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-1939 1 Joomla 1 Joomla 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the JA_Purity template for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-1938 1 Joomla 1 Joomla 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to database output and the frontend administrative panel.
CVE-2009-1848 2 Joomla, Joomlame 2 Joomla, Com Agoragroup 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in the JoomlaMe AgoraGroups (aka AG or com_agoragroup) component 0.3.5.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a groupdetail action to index.php.
CVE-2009-1496 2 Ijobid, Joomla 2 Com Cmimarketplace, Joomla 2024-11-21 5.0 MEDIUM N/A
Directory traversal vulnerability in the Cmi Marketplace (com_cmimarketplace) component 0.1 for Joomla! allows remote attackers to list arbitrary directories via a .. (dot dot) in the viewit parameter to index.php.