Vulnerabilities (CVE)

Filtered by vendor Joomla Subscribe
Filtered by product Joomla
Total 215 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-6923 1 Joomla 2 Com Content, Joomla 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in the content component (com_content) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a blogcategory action to index.php.
CVE-2008-6883 2 Joomla, Joompolitan 2 Joomla, Com Livechat 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in the Live Chat (com_livechat) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the last parameter to getChatRoom.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-6882 2 Joomla, Joompolitan 2 Joomla, Com Livechat 2024-11-21 7.5 HIGH N/A
Live Chat (com_livechat) component 1.0 for Joomla! allows remote attackers to use the xmlhttp.php script as an open HTTP proxy to hide network scanning activities or scan internal networks via a GET request with a full URL in the query string.
CVE-2008-6841 2 Gmitc, Joomla 2 Com Dbquery, Joomla 2024-11-21 7.5 HIGH N/A
PHP remote file inclusion vulnerability in the Green Mountain Information Technology and Consulting Database Query (com_dbquery) component 1.4.1.1 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to classes/DBQ/admin/common.class.php.
CVE-2008-6653 3 Joomla, Mambo, Wh-com 3 Joomla, Mambo, Com Webhosting 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in webhosting.php in the Webhosting Component (com_webhosting) module before 1.1 RC7 for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
CVE-2008-6489 2 Huseyin Bora Abaci, Joomla 2 Com Myalbum, Joomla 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in MyAlbum component (com_myalbum) 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the album parameter to index.php.
CVE-2008-6483 2 Joomla, Virtuemart-solutions 2 Joomla, Com Googlebase 2024-11-21 7.5 HIGH N/A
PHP remote file inclusion vulnerability in admin.googlebase.php in the Ecom Solutions VirtueMart Google Base (aka com_googlebase or Froogle) component 1.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2008-6482 2 Joomla, Justjoomla 2 Joomla, Com Treeg 2024-11-21 6.8 MEDIUM N/A
PHP remote file inclusion vulnerability in admin.treeg.php in the Flash Tree Gallery (com_treeg) component 1.0 for Joomla!, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the mosConfig_live_site parameter.
CVE-2008-6481 3 Joomla, Joomprod, Mambo-foundation 3 Joomla, Com Versioning, Mambo 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in the Versioning component (com_versioning) 1.0.2 in Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit task to index.php.
CVE-2008-6430 1 Joomla 2 Com Mycontent, Joomla 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in the MyContent (com_mycontent) component 1.1.13 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.
CVE-2008-6429 2 Joomla, Mike Leeper 2 Joomla, Com Prayercenter 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in the PrayerCenter (com_prayercenter) component 1.4.9 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view_request action to index2.php.
CVE-2008-6347 2 Joomla, Luigi Massa 2 Joomla, Onguma Time Sheet 2024-11-21 7.5 HIGH N/A
PHP remote file inclusion vulnerability in lib/onguma.class.php in the Onguma Time Sheet (com_ongumatimesheet20) 2.0 4b component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2008-6337 2 Joomla, Joomlaapps 2 Joomla, Com Volunteer 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in the Volunteer Management System (com_volunteer) module 2.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the job_id parameter in a jobshow action to index.php.
CVE-2008-6299 1 Joomla 1 Joomla 2024-11-21 3.5 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5.7 and earlier allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) the title and description parameters to the com_weblinks module and (2) unspecified vectors in the com_content module related to "article submission."
CVE-2008-6234 2 Joomla, Mambo-foundation 4 Com Musica, Joomla, Com Musica and 1 more 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in the com_musica module in Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
CVE-2008-6222 2 Joomla, Joomlashowroom 2 Joomla, Pro Desk Support Center 2024-11-21 5.0 MEDIUM N/A
Directory traversal vulnerability in the Pro Desk Support Center (com_pro_desk) component 1.0 and 1.2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter to index.php.
CVE-2008-6221 2 Dadamailproject, Joomla 2 Dada Mail Manager, Joomla 2024-11-21 7.5 HIGH N/A
PHP remote file inclusion vulnerability in config.dadamail.php in the Dada Mail Manager (com_dadamail) component 2.6 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path] parameter.
CVE-2008-6184 2 Joomla, Medialab-karlsruhe 2 Joomla, Ownbiblio 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in the OwnBiblio (com_ownbiblio) component 1.5.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a catalogue action to index.php.
CVE-2008-6181 2 Joomla, Mad4media 2 Joomla, Com Mad4joomla 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in the Mad4Joomla Mailforms (com_mad4joomla) component before 1.1.8.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the jid parameter to index.php.
CVE-2008-6172 2 Joomla, Weberr 2 Joomla, Rwcards 2024-11-21 6.8 MEDIUM N/A
Directory traversal vulnerability in captcha/captcha_image.php in the RWCards (com_rwcards) 3.0.11 component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the img parameter.