Filtered by vendor Joomla
Subscribe
Total
920 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-0518 | 2 Joomla, Mambo | 2 Com Recipes, Com Recipes | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in the Recipes (com_recipes) 1.00 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action. | |||||
CVE-2007-4777 | 1 Joomla | 1 Joomla | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, probably related to the archive section. NOTE: this may be the same as CVE-2007-4778. | |||||
CVE-2008-0918 | 2 Astats, Joomla | 2 Astatspro, Com Astatspro | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in includes/count_dl_or_link.inc.php in the astatsPRO (com_astatspro) 1.0.1 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to getfile.php, a different vector than CVE-2008-0839. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2008-0841 | 2 Joomla, Mambo | 2 Com Ricette Component, Com Ricette Component | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in the Giorgio Nordo Ricette (com_ricette) 1.0 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2007-5362 | 3 Ag-solutions, Joomla, Mambo | 3 Mosmedia Lite, Joomla, Mambo | 2024-02-28 | 6.8 MEDIUM | N/A |
Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia Lite (com_mosmedia) 4.5.1 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) credits.html.php, (2) info.html.php, (3) media.divs.php, (4) media.divs.js.php, (5) purchase.html.php, or (6) support.html.php in includes/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: vector 3 may be the same as CVE-2007-2043.2. | |||||
CVE-2007-5410 | 2 Joomla, Webmaster-tips | 2 Joomla, Flash Rss Reader | 2024-02-28 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in admin.wmtrssreader.php in the webmaster-tips.net Flash RSS Reader (com_wmtrssreader) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter. | |||||
CVE-2008-0670 | 1 Joomla | 1 Com Noticias | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in the Noticias (com_noticias) 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detalhe action. | |||||
CVE-2008-0762 | 1 Joomla | 1 Com Iomezun | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in the com_iomezun component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit action. | |||||
CVE-2007-0374 | 2 Joomla, Mambo | 2 Joomla, Mambo | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in (1) Joomla! 1.0.11 and 1.5 Beta, and (2) Mambo 4.6.1, allows remote attackers to execute arbitrary SQL commands via the id parameter when cancelling content editing. | |||||
CVE-2008-0519 | 2 Joomla, Mambo | 2 Com Jokes, Com Jokes | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in the Atapin Jokes (com_jokes) 1.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a CatView action. | |||||
CVE-2008-0761 | 1 Joomla | 1 Com Pcchess | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in the Prince Clan Chess Club (com_pcchess) 0.8 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter in a players action. | |||||
CVE-2007-0373 | 1 Joomla | 1 Joomla | 2024-02-28 | 6.8 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in Joomla! 1.5.0 Beta allow remote attackers to execute arbitrary SQL commands via (1) the searchword parameter in certain files; the where parameter in (2) plugins/search/content.php or (3) plugins/search/weblinks.php; the text parameter in (4) plugins/search/contacts.php, (5) plugins/search/categories.php, or (6) plugins/search/sections.php; or (7) the email parameter in database/table/user.php, which is not properly handled by the check function. | |||||
CVE-2008-0517 | 3 Darko Selesi, Joomla, Mambo | 3 Estateagent, Joomla, Mambo | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in the Darko Selesi EstateAgent (com_estateagent) 0.1 component for Mambo 4.5.x and Joomla! allows remote attackers to execute arbitrary SQL commands via the objid parameter in a contact showObject action. | |||||
CVE-2007-6272 | 1 Joomla | 1 Joomla | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in index.php in Joomla! 1.5 RC3 allow remote attackers to execute arbitrary SQL commands via (1) the view parameter to the com_content component, (2) the task parameter to the com_search component, or (3) the option parameter in a search action to the com_search component. | |||||
CVE-2008-0853 | 2 Joomla, Mambo | 2 Com Detail, Com Detail | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the com_detail component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. NOTE: this issue might be site-specific. If so, it should not be included in CVE. | |||||
CVE-2007-4187 | 1 Joomla | 1 Joomla | 2024-02-28 | 7.5 HIGH | N/A |
Multiple eval injection vulnerabilities in the com_search component in Joomla! 1.5 beta before RC1 (aka Mapya) allow remote attackers to execute arbitrary PHP code via PHP sequences in the searchword parameter, related to default_results.php in (1) components/com_search/views/search/tmpl/ and (2) templates/beez/html/com_search/search/. | |||||
CVE-2006-5043 | 2 Joomla, Joomlaboard | 2 Joomla\!, Joomlaboard | 2024-02-28 | 6.8 MEDIUM | N/A |
Multiple PHP remote file inclusion vulnerabilities in the Joomlaboard Forum Component (com_joomlaboard) before 1.1.2 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the sbp parameter to (1) file_upload.php or (2) image_upload.php, a variant of CVE-2006-3528. | |||||
CVE-2007-0375 | 1 Joomla | 1 Joomla | 2024-02-28 | 5.0 MEDIUM | N/A |
Joomla! 1.5.0 Beta allows remote attackers to obtain sensitive information via a direct request for (1) plugins/user/example.php; (2) gmail.php, (3) example.php, or (4) ldap.php in plugins/authentication/; (5) modules/mod_mainmenu/menu.php; or other unspecified PHP scripts, which reveals the path in various error messages, related to a jimport function call at the beginning of each script. | |||||
CVE-2007-5310 | 2 Joomla, Webmaster-tips.net | 2 Joomla, Flash Image Gallery | 2024-02-28 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in admin.wmtportfolio.php in the webmaster-tips.net wmtportfolio 1.0 (com_wmtportfolio) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
CVE-2008-0795 | 3 Joomla, Mambo, Mgfi | 3 Joomla, Mambo, Xfaq | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in the MGFi XfaQ (com_xfaq) 1.2 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an answer action. |