Vulnerabilities (CVE)

Filtered by vendor Joomla Subscribe
Total 920 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-5041 1 Joomla 2 Com Hotproperties, Hot Properties 2024-02-28 7.5 HIGH N/A
Unspecified vulnerability in Hot Properties (possibly com_hotproperties) 0.97 and earlier for Joomla! has unspecified impact and attack vectors.
CVE-2007-2199 4 Cjg Explorer Pro, Joomla, Nx and 1 more 4 Cjg Explorer Pro, Joomla, N X Wcms and 1 more 2024-02-28 6.8 MEDIUM N/A
PHP remote file inclusion vulnerability in lib/pcltar.lib.php (aka pcltar.php) in the PclTar module 1.3 and 1.3.1 for Vincent Blavet PhpConcept Library, as used in multiple products including (1) Joomla! 1.5.0 Beta, (2) N/X Web Content Management System (WCMS) 4.5, (3) CJG EXPLORER PRO 3.3, and (4) phpSiteBackup 0.1, allows remote attackers to execute arbitrary PHP code via a URL in the g_pcltar_lib_dir parameter.
CVE-2008-0746 2 Joomla, Mambo 2 Com Gallery, Com Gallery 2024-02-28 7.5 HIGH N/A
SQL injection vulnerability in index.php in the Gallery (com_gallery) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.
CVE-2007-1703 1 Joomla 1 Rwcards Component 2024-02-28 7.5 HIGH N/A
SQL injection vulnerability in index.php in the RWCards (com_rwcards) 2.4.3 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter.
CVE-2007-4503 1 Joomla 1 Nice Talk 2024-02-28 7.5 HIGH N/A
SQL injection vulnerability in index.php in the Nice Talk component (com_nicetalk) 0.9.3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the tagid parameter.
CVE-2007-4779 1 Joomla 1 Joomla 2024-02-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably related to the archive section.
CVE-2007-4504 1 Joomla 1 Rsfiles 2024-02-28 5.0 MEDIUM N/A
Directory traversal vulnerability in index.php in the RSfiles component (com_rsfiles) 1.0.2 and earlier for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter in a files.display action.
CVE-2008-0829 3 Joomla, Joomlapixel, Mambo 3 Joomla, Jooget, Mambo 2024-02-28 7.5 HIGH N/A
SQL injection vulnerability in jooget.php in the Joomlapixel Jooget! (com_jooget) 2.6.8 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail task.
CVE-2008-0689 1 Joomla 1 Com Marketplace 2024-02-28 7.5 HIGH N/A
SQL injection vulnerability in index.php in the Marketplace (com_marketplace) 1.1.1 and 1.1.1-pl1 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a show_category action.
CVE-2008-0653 1 Joomla 1 Com Ynews 2024-02-28 7.5 HIGH N/A
SQL injection vulnerability in index.php in the Ynews (com_ynews) 1.0.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showYNews action.
CVE-2007-6643 1 Joomla 1 Joomla 2024-02-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the com_poll component in Joomla! before 1.5 RC4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-4188 1 Joomla 1 Joomla\! 2024-02-28 9.3 HIGH N/A
Session fixation vulnerability in Joomla! before 1.0.13 (aka Sunglow) allows remote attackers to hijack administrative web sessions via unspecified vectors.
CVE-2008-0514 2 Joomla, Mambo 2 Glossary, Glossary 2024-02-28 7.5 HIGH N/A
SQL injection vulnerability in index.php in the Glossary (com_glossary) 2.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a display action.
CVE-2008-0831 1 Joomla 1 Rapid Recipe 2024-02-28 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in the Rapid Recipe (com_rapidrecipe) 1.6.5 and earlier component for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) user_id or (2) category_id parameter. NOTE: this might overlap CVE-2008-0754.
CVE-2008-0579 1 Joomla 1 Com Buslicense 2024-02-28 7.5 HIGH N/A
SQL injection vulnerability in index.php in the buslicense (com_buslicense) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in a list action.
CVE-2007-4954 1 Joomla 1 Joom12pic Component 2024-02-28 6.8 MEDIUM N/A
PHP remote file inclusion vulnerability in admin.joom12pic.php in the joom12Pic (com_joom12pic) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
CVE-2006-5044 2 Joomla, Mambo 2 Prince Clan Chess Component, Prince Clan Chess Component 2024-02-28 7.5 HIGH N/A
Unspecified vulnerability in Prince Clan (Princeclan) Chess component (com_pcchess) 0.8 and earlier for Mambo and Joomla! has unspecified impact and attack vectors.
CVE-2008-0817 2 Joomla, Mambo 2 Com Filebase Component, Com Filebase Component 2024-02-28 7.5 HIGH N/A
SQL injection vulnerability in the com_filebase component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the filecatid parameter in a selectfolder action.
CVE-2008-0772 2 Joomla, Mambo 2 Com Doc, Com Doc 2024-02-28 7.5 HIGH N/A
SQL injection vulnerability in index.php in the com_doc component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the sid parameter in a view task.
CVE-2008-0773 3 Joomla, Mambo, Phil Taylor 4 Com Comments, Com Comments, Comments and 1 more 2024-02-28 7.5 HIGH N/A
SQL injection vulnerability in Phil Taylor Comments (com_comments, aka Review Script) 0.5.8.5g and earlier component for Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter.