Filtered by vendor Joomla
Subscribe
Total
935 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-6172 | 2 Joomla, Weberr | 2 Joomla, Rwcards | 2025-04-09 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in captcha/captcha_image.php in the RWCards (com_rwcards) 3.0.11 component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the img parameter. | |||||
| CVE-2006-4996 | 1 Joomla | 1 Joomlalib | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in JoomlaLib (com_joomlalib) before 1.2.2 for Joomla! allows remote attackers to have an unknown impact, related to "Joomla globals hacked by script kiddies." | |||||
| CVE-2007-4506 | 1 Joomla | 1 Neorecruit | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the NeoRecruit component (com_neorecruit) 1.4 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an offer_view action. | |||||
| CVE-2009-4583 | 1 Joomla | 2 Com Dhforum, Joomla\! | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the DhForum (com_dhforum) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a grouplist action to index.php. | |||||
| CVE-2009-4099 | 2 G4j.laoneo, Joomla | 2 Com Gcalendar, Joomla | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Google Calendar GCalendar (com_gcalendar) component 1.1.2, 2.1.4, and possibly earlier versions for Joomla! allows remote attackers to execute arbitrary SQL commands via the gcid parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-4573 | 2 Joomla, Joomlabear | 2 Joomla, Mod Joomulus | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Joomulus (mod_joomulus) module 2.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the tagcloud parameter in a tags action to (1) tagcloud_ell.swf, (2) tagcloud_eng.swf, (3) tagcloud_por.swf, (4) tagcloud_rus.swf, and possibly (5) tagcloud_jpn.swf. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-1704 | 1 Joomla | 1 Car Manager | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the Car Manager (com_resman) 1.1 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-6181 | 2 Joomla, Mad4media | 2 Joomla, Com Mad4joomla | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Mad4Joomla Mailforms (com_mad4joomla) component before 1.1.8.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the jid parameter to index.php. | |||||
| CVE-2007-5363 | 2 Joomla, Webmaster-tips | 2 Joomla, Panoramic Picture Viewer | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in admin.panoramic.php in the Panoramic Picture Viewer (com_panoramic) mambot (plugin) 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-7033 | 2 Galore, Joomla | 2 Com Simpleshop, Joomla\! | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Simple Shop Galore (com_simpleshop) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the section parameter in a section action to index.php, a different vulnerability than CVE-2008-2568. NOTE: this issue was disclosed by an unreliable researcher, so the details might be incorrect. | |||||
| CVE-2008-3681 | 1 Joomla | 1 Com User | 2025-04-09 | 7.5 HIGH | N/A |
| components/com_user/models/reset.php in Joomla! 1.5 through 1.5.5 does not properly validate reset tokens, which allows remote attackers to reset the "first enabled user (lowest id)" password, typically for the administrator. | |||||
| CVE-2008-0795 | 3 Joomla, Mambo, Mgfi | 3 Joomla, Mambo, Xfaq | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the MGFi XfaQ (com_xfaq) 1.2 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an answer action. | |||||
| CVE-2008-1137 | 2 Joomla, Mambo | 2 Com Garyscookbook, Com Garyscookbook | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Garys Cookbook (com_garyscookbook) 1.1.1 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. | |||||
| CVE-2007-4502 | 1 Joomla | 1 Bibtex | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the BibTeX component (com_jombib) 1.3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the afilter parameter. | |||||
| CVE-2008-2633 | 1 Joomla | 2 Com Joomradio, Joomla | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the EXP JoomRadio (com_joomradio) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) show_radio or (2) show_video action to index.php. | |||||
| CVE-2007-4046 | 1 Joomla | 1 Pony Gallery | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the Pony Gallery (com_ponygallery) 1.5 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||||
| CVE-2008-3226 | 1 Joomla | 1 Joomla | 2025-04-09 | 5.0 MEDIUM | N/A |
| The file caching implementation in Joomla! before 1.5.4 allows attackers to access cached pages via unknown attack vectors. | |||||
| CVE-2008-5671 | 1 Joomla | 1 Joomla | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in Joomla! 1.0.11 through 1.0.14, when RG_EMULATION is enabled in configuration.php, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2006-7122 | 1 Joomla | 1 Bsq Sitestats | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the IP Address Lookup functionality in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allows remote attackers to inject arbitrary web script and HTML via the ip parameter. | |||||
| CVE-2009-3971 | 2 Joomla, Jtips | 2 Joomla\!, Com Jtips | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the jTips (com_jtips) component 1.0.7 and 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the season parameter in a ladder action to index.php. | |||||