Filtered by vendor Joomla
Subscribe
Total
937 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-4103 | 1 Joomla | 2 Com Mailto, Joomla | 2025-04-09 | 5.0 MEDIUM | N/A |
| The mailto (aka com_mailto) component in Joomla! 1.5 before 1.5.7 sends e-mail messages without validating the URL, which allows remote attackers to transmit spam. | |||||
| CVE-2006-6833 | 1 Joomla | 1 Joomla | 2025-04-09 | 7.5 HIGH | N/A |
| com_categories in Joomla! before 1.0.12 does not validate input, which has unknown impact and remote attack vectors. | |||||
| CVE-2009-3063 | 2 Indianpulses, Joomla | 2 Com Gameserver, Joomla | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Game Server (com_gameserver) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a gamepanel action to index.php. | |||||
| CVE-2007-6645 | 1 Joomla | 1 Joomla | 2025-04-09 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Joomla! before 1.5 RC4 allows remote authenticated users to gain privileges via unspecified vectors, aka "registered user privilege escalation vulnerability." | |||||
| CVE-2007-4954 | 1 Joomla | 1 Joom12pic Component | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in admin.joom12pic.php in the joom12Pic (com_joom12pic) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter. | |||||
| CVE-2009-1279 | 1 Joomla | 1 Joomla | 2025-04-09 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5 through 1.5.9 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) com_admin component, (2) com_search component when "Gather Search Statistics" is enabled, and (3) the category view in the com_content component. | |||||
| CVE-2007-4186 | 1 Joomla | 1 Tour De France Pool | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in admin.tour_toto.php in the Tour de France Pool (com_tour_toto) 1.0.1 module for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2008-2676 | 1 Joomla | 2 Com News Portal, Joomla | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the iJoomla News Portal (com_news_portal) component 1.0 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php. | |||||
| CVE-2009-3491 | 2 Joomla, Kinfusion | 2 Joomla\!, Com Sportfusion | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Kinfusion SportFusion (com_sportfusion) component 0.2.2 through 0.2.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid[0] parameter in a teamdetail action to index.php. | |||||
| CVE-2009-4428 | 2 Joomla, Joomplace | 2 Joomla, Com Joomportfolio | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the JoomPortfolio (com_joomportfolio) component 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the secid parameter in a showcat action to index.php. | |||||
| CVE-2007-4504 | 1 Joomla | 1 Rsfiles | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in the RSfiles component (com_rsfiles) 1.0.2 and earlier for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter in a files.display action. | |||||
| CVE-2008-3132 | 1 Joomla | 1 Com Beamospetition | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the beamospetition (com_beamospetition) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the pet parameter to index.php. | |||||
| CVE-2009-1263 | 2 Alikonweb, Joomla | 2 Com Bookjoomlas, Joomla | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in sub_commententry.php in the BookJoomlas (com_bookjoomlas) component 0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gbid parameter in a comment action to index.php. | |||||
| CVE-2008-6881 | 2 Joomla, Joompolitan | 2 Joomla\!, Com Livechat | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the Live Chat (com_livechat) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the last parameter to (1) getChat.php, (2) getChatRoom.php, and (3) getSavedChatRooms.php. | |||||
| CVE-2007-4777 | 1 Joomla | 1 Joomla | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, probably related to the archive section. NOTE: this may be the same as CVE-2007-4778. | |||||
| CVE-2008-6068 | 2 Joomla, Web Design Hero | 2 Joomla, Joomladate | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the JoomlaDate (com_joomladate) component 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the user parameter in a viewProfile action to index.php. | |||||
| CVE-2006-5047 | 1 Joomla | 1 Rs Gallery2 | 2025-04-09 | 7.5 HIGH | N/A |
| Unspecified vulnerability in rsgallery2.html.php in RS Gallery2 component (com_rsgallery2) before 1.11.3 for Joomla! allows attackers to execute arbitrary code. | |||||
| CVE-2007-0373 | 1 Joomla | 1 Joomla | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Joomla! 1.5.0 Beta allow remote attackers to execute arbitrary SQL commands via (1) the searchword parameter in certain files; the where parameter in (2) plugins/search/content.php or (3) plugins/search/weblinks.php; the text parameter in (4) plugins/search/contacts.php, (5) plugins/search/categories.php, or (6) plugins/search/sections.php; or (7) the email parameter in database/table/user.php, which is not properly handled by the check function. | |||||
| CVE-2009-3053 | 2 Joomla, Jvitals | 2 Joomla, Com Agora | 2025-04-09 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in the Agora (com_agora) component 3.0.0b for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the action parameter to the avatars page, reachable through index.php. | |||||
| CVE-2007-0374 | 2 Joomla, Mambo | 2 Joomla, Mambo | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in (1) Joomla! 1.0.11 and 1.5 Beta, and (2) Mambo 4.6.1, allows remote attackers to execute arbitrary SQL commands via the id parameter when cancelling content editing. | |||||