Vulnerabilities (CVE)

Filtered by vendor Joomla Subscribe
Filtered by product Joomla
Total 215 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-1280 1 Joomla 1 Joomla 2024-11-21 6.8 MEDIUM N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the com_media component for Joomla! 1.5.x through 1.5.9 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2009-1279 1 Joomla 1 Joomla 2024-11-21 2.6 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5 through 1.5.9 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) com_admin component, (2) com_search component when "Gather Search Statistics" is enabled, and (3) the category view in the com_content component.
CVE-2009-1263 2 Alikonweb, Joomla 2 Com Bookjoomlas, Joomla 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in sub_commententry.php in the BookJoomlas (com_bookjoomlas) component 0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gbid parameter in a comment action to index.php.
CVE-2009-1258 2 Joomla, Rd-media 2 Joomla, Com Rdautos 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in the RD-Autos (com_rdautos) component 1.5.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the makeid parameter in index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-0730 3 Gigcalendar, Joomla, Mambo 3 Com Gigcalendar, Joomla, Mambo 2024-11-21 6.8 MEDIUM N/A
Multiple SQL injection vulnerabilities in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla!, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the gigcal _venues_id parameter in a details action to index.php, which is not properly handled by venuedetails.php, and (2) the gigcal_bands_id parameter in a details action to index.php, which is not properly handled by banddetails.php, different vectors than CVE-2009-0726.
CVE-2009-0726 3 Gigcalendar, Joomla, Mambo 3 Com Gigcalendar, Joomla, Mambo 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the gigcal_gigs_id parameter in a details action to index.php.
CVE-2009-0706 3 Joomla, Mambo, Simple-review 3 Joomla, Mambo, Com Simple Review 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in the Simple Review (com_simple_review) component 1.3.5 for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the category parameter to index.php.
CVE-2009-0702 2 Joomla, Phoca 2 Joomla, Com Phocadocumentation 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in the Phoca Documentation (com_phocadocumentation) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a section action to index.php.
CVE-2009-0494 2 Joomla, Mivaco 2 Joomla, Com Portfol 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in the Portfol (com_portfol) 1.2 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the vcatid parameter in a viewcategory action to index.php.
CVE-2009-0421 1 Joomla 2 Com Eventing, Joomla 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in the Eventing (com_eventing) 1.6.x component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
CVE-2009-0420 2 Joomla, Rd-media 2 Joomla, Rd-autos 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in the RD-Autos (com_rdautos) 1.5.5 Stable component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
CVE-2009-0381 2 Bazaarbuilder, Joomla 2 Ecommerce Shopping Cart, Joomla 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in the BazaarBuilder Ecommerce Shopping Cart (com_prod) 5.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in a products action to index.php.
CVE-2009-0380 3 Joomla, Mambo-foundation, Sigsiu.net 3 Joomla, Mambo, Sobi2 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in the Sigsiu Online Business Index 2 (SOBI2, com_sobi2) RC 2.8.2 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the bid parameter in a showbiz action to index.php, a different vector than CVE-2008-0607. NOTE: CVE disputes this issue, since neither "showbiz" nor "bid" appears in the source code for SOBI2
CVE-2009-0379 1 Joomla 2 Com Pcchess, Joomla 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in the Prince Clan Chess Club (com_pcchess) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the game_id parameter in a showgame action to index.php, a different vector than CVE-2008-0761.
CVE-2009-0378 1 Joomla 2 Com Beamospetition, Joomla 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in the beamospetition (com_beamospetition) 1.0.12 component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the pet parameter in a sign action.
CVE-2009-0377 1 Joomla 2 Com Beamospetition, Joomla 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in the beamospetition (com_beamospetition) 1.0.12 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mpid parameter in a sign action to index.php, a different vector than CVE-2008-3132.
CVE-2009-0373 2 Elearningforce, Joomla 2 Flash Magazine Deluxe, Joomla 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in the ElearningForce Flash Magazine Deluxe (com_flashmagazinedeluxe) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mag_id parameter in a magazine action to index.php.
CVE-2009-0333 1 Joomla 2 Com Waticketsystem, Joomla 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in the WebAmoeba (WA) Ticket System (com_waticketsystem) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action to index.php.
CVE-2009-0329 1 Joomla 2 Com Pccookbook, Joomla 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in the PcCookBook (com_pccookbook) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the recipe_id parameter in a viewrecipe action to index.php, a different vector than CVE-2008-0844.
CVE-2009-0113 1 Joomla 2 Joomla, Xstandard 2024-11-21 5.0 MEDIUM N/A
Directory traversal vulnerability in attachmentlibrary.php in the XStandard component for Joomla! 1.5.8 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the X_CMS_LIBRARY_PATH HTTP header.