Filtered by vendor Joomla
Subscribe
Total
935 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-4129 | 1 Joomla | 1 Webring Component | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in admin.webring.docs.php in the Webring Component (com_webring) 1.0 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the component_dir parameter. | |||||
| CVE-2006-4472 | 1 Joomla | 1 Joomla\! | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in Joomla! before 1.0.11 allow attackers to bypass user authentication via unknown vectors involving the (1) do_pdf command and the (2) emailform com_content task. | |||||
| CVE-2006-1956 | 2 Joomla, Mambo | 2 Joomla, Mambo | 2025-04-03 | 5.0 MEDIUM | N/A |
| The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows remote attackers to obtain sensitive information via an invalid feed parameter, which reveals the path in an error message. | |||||
| CVE-2006-4378 | 1 Joomla | 1 Rssxt Component | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the Rssxt component for Joomla! (com_rssxt), possibly 2.0 Beta 1 or 1.0 and earlier, allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) pinger.php, (2) RPC.php, or (3) rssxt.php. NOTE: another researcher has disputed this issue, saying that the attacker can not control this parameter. In addition, as of 20060825, the original researcher has appeared to be unreliable with some other past reports. CVE has not performed any followup analysis with respect to this issue | |||||
| CVE-2006-4473 | 1 Joomla | 1 Joomla | 2025-04-03 | 5.1 MEDIUM | N/A |
| Unspecified vulnerability in com_content in Joomla! before 1.0.11, when $mosConfig_hideEmail is set, allows attackers to perform the emailform and emailsend tasks. | |||||
| CVE-2006-4269 | 2 Joomla, Mambo | 2 X-shop Component, X-shop Component | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in admin.x-shop.php in the x-shop component (com_x-shop) 1.7 and earlier for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this issue has been disputed by third party researchers, stating that there is no mosConfig_absolute_path parameter and no admin.x-shop.php file in the reported package | |||||
| CVE-2006-3970 | 1 Joomla | 1 Lmo | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in lmo.php in the LMO Component (com_lmo) 1.0b2 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2006-1030 | 1 Joomla | 1 Joomla | 2025-04-03 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in mod_templatechooser in Joomla! 1.0.7 allows remote attackers to obtain sensitive information via an unspecified attack vector that reveals the path. | |||||
| CVE-2006-1957 | 2 Joomla, Mambo-foundation | 2 Joomla\!, Mambo | 2025-04-03 | 5.0 MEDIUM | N/A |
| The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows remote attackers to cause a denial of service (disk consumption and possibly web-server outage) via multiple requests with different values of the feed parameter. | |||||
| CVE-2006-1028 | 1 Joomla | 1 Joomla | 2025-04-03 | 7.8 HIGH | N/A |
| feedcreator.class.php (aka the syndication component) in Joomla! 1.0.7 allows remote attackers to cause a denial of service (stressed file cache) by creating many files via filenames in the feed parameter to index.php. | |||||
| CVE-2024-21724 | 1 Joomla | 1 Joomla\! | 2025-03-27 | N/A | 6.1 MEDIUM |
| Inadequate input validation for media selection fields lead to XSS vulnerabilities in various extensions. | |||||
| CVE-2023-23751 | 1 Joomla | 1 Joomla\! | 2025-03-26 | N/A | 4.3 MEDIUM |
| An issue was discovered in Joomla! 4.0.0 through 4.2.4. A missing ACL check allows non super-admin users to access com_actionlogs. | |||||
| CVE-2023-23750 | 1 Joomla | 1 Joomla\! | 2025-03-26 | N/A | 6.3 MEDIUM |
| An issue was discovered in Joomla! 4.0.0 through 4.2.6. A missing token check causes a CSRF vulnerability in the handling of post-installation messages. | |||||
| CVE-2024-26279 | 1 Joomla | 1 Joomla\! | 2025-03-25 | N/A | 6.1 MEDIUM |
| The wrapper extensions do not correctly validate inputs, leading to XSS vectors. | |||||
| CVE-2024-21729 | 1 Joomla | 1 Joomla\! | 2025-03-25 | N/A | 6.1 MEDIUM |
| Inadequate input validation leads to XSS vulnerabilities in the accessiblemedia field. | |||||
| CVE-2024-21730 | 1 Joomla | 1 Joomla\! | 2025-03-19 | N/A | 5.4 MEDIUM |
| The fancyselect list field layout does not correctly escape inputs, leading to a self-XSS vector. | |||||
| CVE-2024-26278 | 1 Joomla | 1 Joomla\! | 2025-03-13 | N/A | 6.1 MEDIUM |
| The Custom Fields component not correctly filter inputs, leading to a XSS vector. | |||||
| CVE-2024-21731 | 1 Joomla | 1 Joomla\! | 2025-03-13 | N/A | 6.1 MEDIUM |
| Improper handling of input could lead to an XSS vector in the StringHelper::truncate method. | |||||
| CVE-2023-23752 | 1 Joomla | 1 Joomla\! | 2025-02-07 | N/A | 5.3 MEDIUM |
| An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints. | |||||
| CVE-2023-23755 | 1 Joomla | 1 Joomla\! | 2025-01-09 | N/A | 7.5 HIGH |
| An issue was discovered in Joomla! 4.2.0 through 4.3.1. The lack of rate limiting allowed brute force attacks against MFA methods. | |||||