Vulnerabilities (CVE)

Filtered by vendor Joomla Subscribe
Filtered by product Joomla\!
Total 603 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-1718 2 Joomla, Lispeltuut 2 Joomla\!, Com Archeryscores 2025-04-11 6.8 MEDIUM N/A
Directory traversal vulnerability in archeryscores.php in the Archery Scores (com_archeryscores) component 1.0.6 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
CVE-2010-1081 2 Corejoomla, Joomla 2 Com Communitypolls, Joomla\! 2025-04-11 5.0 MEDIUM N/A
Directory traversal vulnerability in the Community Polls (com_communitypolls) component 1.5.2, and possibly earlier, for Core Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
CVE-2013-3242 1 Joomla 1 Joomla\! 2025-04-11 5.5 MEDIUM N/A
plugins/system/remember/remember.php in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 does not properly handle an object obtained by unserializing a cookie, which allows remote authenticated users to conduct PHP object injection attacks and cause a denial of service via unspecified vectors.
CVE-2010-4937 2 Joomla, Robitbt 2 Joomla\!, Com Amblog 2025-04-11 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in the Amblog (com_amblog) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) articleid or (2) catid parameter to index.php.
CVE-2011-4909 1 Joomla 1 Joomla\! 2025-04-11 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.5.12 allow remote attackers to inject arbitrary web script or HTML via the HTTP_REFERER header to (1) components/com_content/views/article/tmpl/form.php, (2) components/com_user/controller.php, (3) plugins/system/legacy/html.php, or (4) templates/beez/html/com_content/article/form.php.
CVE-2009-4620 2 Joomla, Joomloc 2 Joomla\!, Com Joomloc 2025-04-11 7.5 HIGH N/A
SQL injection vulnerability in the Joomloc (com_joomloc) component 1.0 for Joomla allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit task to index.php.
CVE-2010-4993 2 Joomla, Kay Messerschmidt 2 Joomla\!, Com Eventcal 2025-04-11 7.5 HIGH N/A
SQL injection vulnerability in the eventcal (com_eventcal) component 1.6.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.
CVE-2012-0836 1 Joomla 1 Joomla\! 2025-04-11 5.0 MEDIUM N/A
Unspecified vulnerability in Joomla! 1.7.x before 1.7.5 allows attackers to read the error log via unknown vectors.
CVE-2010-2513 2 Harmistechnology, Joomla 2 Com Jeajaxeventcalendar, Joomla\! 2025-04-11 7.5 HIGH N/A
SQL injection vulnerability in the JE Ajax Event Calendar (com_jeajaxeventcalendar) component 1.0.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the view parameter to index.php.
CVE-2010-1603 2 Joomla, Zimbllc 2 Joomla\!, Com Zimbcore 2025-04-11 7.5 HIGH N/A
Directory traversal vulnerability in the ZiMB Core (aka ZiMBCore or com_zimbcore) component 0.1 in the ZiMB Manager collection for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
CVE-2010-1473 2 Johnmccollum, Joomla 2 Com Advertising, Joomla\! 2025-04-11 6.8 MEDIUM N/A
Directory traversal vulnerability in the Advertising (com_advertising) component 0.25 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
CVE-2009-4619 2 Joomla, Lucygames 2 Joomla\!, Com Lucygames 2025-04-11 7.5 HIGH N/A
SQL injection vulnerability in the Lucy Games (com_lucygames) component 1.5.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gameid parameter in a game action to index.php. NOTE: some of these details are obtained from third party information.
CVE-2012-3829 1 Joomla 1 Joomla\! 2025-04-11 5.0 MEDIUM N/A
Joomla! 2.5.3 allows remote attackers to obtain the installation path via the Host HTTP Header.
CVE-2010-1977 2 Gohigheris, Joomla 2 Com Jwhmcs, Joomla\! 2025-04-11 7.5 HIGH N/A
Directory traversal vulnerability in the J!WHMCS Integrator (com_jwhmcs) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
CVE-2010-2921 2 Joomla, Photoindochina 2 Joomla\!, Com Golfcourseguide 2025-04-11 7.5 HIGH N/A
SQL injection vulnerability in the Golf Course Guide (com_golfcourseguide) component 0.9.6.0 beta and 1 beta for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a golfcourses action to index.php.
CVE-2012-5827 1 Joomla 1 Joomla\! 2025-04-11 4.3 MEDIUM N/A
Joomla! 2.5.x before 2.5.8 and 3.0.x before 3.0.2 allows remote attackers to conduct clickjacking attacks via unspecified vectors involving "Inadequate protection."
CVE-2010-1723 2 Joomla, Joomlacomponent.inetlanka 2 Joomla\!, Com Drawroot 2025-04-11 6.8 MEDIUM N/A
Directory traversal vulnerability in the iNetLanka Contact Us Draw Root Map (com_drawroot) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
CVE-2010-2845 2 Joomla, Schlu.net 2 Joomla\!, Com Quickfaq 2025-04-11 7.5 HIGH N/A
SQL injection vulnerability in the QuickFAQ (com_quickfaq) component 1.0.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a category action to index.php.
CVE-2011-4829 2 Barter-sites, Joomla 2 Com Listing, Joomla\! 2025-04-11 7.5 HIGH N/A
SQL injection vulnerability in the com_listing component in Barter Sites component 1.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter to index.php.
CVE-2012-5230 2 Harmistechnology, Joomla 2 Com Jesubmit, Joomla\! 2025-04-11 7.5 HIGH N/A
Unspecified vulnerability in the JE Story Submit (com_jesubmit) component before 1.9 for Joomla! has unknown impact and attack vectors.