Vulnerabilities (CVE)

Filtered by vendor Joomla Subscribe
Total 917 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-4506 1 Joomla 1 Neorecruit 2017-09-29 7.5 HIGH N/A
SQL injection vulnerability in index.php in the NeoRecruit component (com_neorecruit) 1.4 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an offer_view action.
CVE-2007-4504 1 Joomla 1 Rsfiles 2017-09-29 5.0 MEDIUM N/A
Directory traversal vulnerability in index.php in the RSfiles component (com_rsfiles) 1.0.2 and earlier for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter in a files.display action.
CVE-2007-4503 1 Joomla 1 Nice Talk 2017-09-29 7.5 HIGH N/A
SQL injection vulnerability in index.php in the Nice Talk component (com_nicetalk) 0.9.3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the tagid parameter.
CVE-2007-4502 1 Joomla 1 Bibtex 2017-09-29 7.5 HIGH N/A
SQL injection vulnerability in index.php in the BibTeX component (com_jombib) 1.3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the afilter parameter.
CVE-2007-4046 1 Joomla 1 Pony Gallery 2017-09-29 7.5 HIGH N/A
SQL injection vulnerability in index.php in the Pony Gallery (com_ponygallery) 1.5 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter.
CVE-2007-3932 1 Joomla 1 Expose 2017-09-29 7.5 HIGH N/A
uploadimg.php in the Expose RC35 and earlier (com_expose) component for Joomla! sends an error message but does not exit when it detects an attempt to upload a non-JPEG file, which allows remote attackers to upload and execute arbitrary PHP code in the img/ folder.
CVE-2017-14596 1 Joomla 1 Joomla\! 2017-09-27 5.0 MEDIUM 9.8 CRITICAL
In Joomla! before 3.8.0, inadequate escaping in the LDAP authentication plugin can result in a disclosure of a username and password.
CVE-2015-5608 1 Joomla 1 Joomla\! 2017-09-22 5.8 MEDIUM 6.1 MEDIUM
Open redirect vulnerability in Joomla! CMS 3.0.0 through 3.4.1.
CVE-2009-4938 2 Joomla, Warphd 2 Joomla\!, Com Jvideo 2017-09-19 7.5 HIGH N/A
SQL injection vulnerability in the JVideo! (com_jvideo) component 0.3.11c Beta and 0.3.x for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter in a user action to index.php.
CVE-2009-4628 2 Joomla, Templateplaza 2 Joomla\!, Com Tpdugg 2017-09-19 7.5 HIGH N/A
SQL injection vulnerability in the TemplatePlaza.com TPDugg (com_tpdugg) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a tags action to index.php.
CVE-2009-4625 2 Joomla, Tamlyncreative 2 Joomla\!, Com Bfsurvey Profree 2017-09-19 7.5 HIGH N/A
SQL injection vulnerability in the updateOnePage function in components/com_bfsurvey_pro/controller.php in BF Survey Pro Free (com_bfsurvey_profree) 1.2.4, and other versions before 1.2.6, a component for Joomla!, allows remote attackers to execute arbitrary SQL commands via the table parameter in an updateOnePage action to index.php.
CVE-2009-4620 2 Joomla, Joomloc 2 Joomla\!, Com Joomloc 2017-09-19 7.5 HIGH N/A
SQL injection vulnerability in the Joomloc (com_joomloc) component 1.0 for Joomla allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit task to index.php.
CVE-2009-4619 2 Joomla, Lucygames 2 Joomla\!, Com Lucygames 2017-09-19 7.5 HIGH N/A
SQL injection vulnerability in the Lucy Games (com_lucygames) component 1.5.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gameid parameter in a game action to index.php. NOTE: some of these details are obtained from third party information.
CVE-2009-4550 2 Joomla, Kunena 2 Joomla\!, Kunena Forum 2017-09-19 7.5 HIGH N/A
SQL injection vulnerability in the Kunena Forum (com_kunena) component 1.5.3 and 1.5.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the func parameter to index.php.
CVE-2009-4475 2 Joomla, Joomlub 2 Joomla\!, Com Joomlub 2017-09-19 7.5 HIGH N/A
SQL injection vulnerability in the Joomlub (com_joomlub) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an auction edit action to index.php.
CVE-2009-4202 2 Joomla, Omilenitsolutions 2 Joomla\!, Com Omphotogallery 2017-09-19 7.5 HIGH N/A
Directory traversal vulnerability in the Omilen Photo Gallery (com_omphotogallery) component Beta 0.5 for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the controller parameter to index.php.
CVE-2009-4200 2 Joomla, Vollmar 2 Joomla\!, Com Seminar 2017-09-19 7.5 HIGH N/A
SQL injection vulnerability in the Seminar (com_seminar) component 1.28 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a View_seminar action to index.php.
CVE-2009-4199 3 Joomla, Mambo-foundation, Mamboforge 3 Joomla\!, Mambo, Com Mosres 2017-09-19 6.8 MEDIUM N/A
Multiple SQL injection vulnerabilities in the Mambo Resident (aka Mos Res or com_mosres) component 1.0f for Mambo and Joomla!, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) property_uid parameter in a viewproperty action to index.php and the (2) regID parameter in a showregion action to index.php.
CVE-2009-3972 2 Joomla, Qproje 2 Joomla\!, Com Siirler 2017-09-19 7.5 HIGH N/A
SQL injection vulnerability in the Q-Proje Siirler Bileseni (com_siirler) component 1.2 RC for Joomla! allows remote attackers to execute arbitrary SQL commands via the sid parameter in an sdetay action to index.php.
CVE-2009-3971 2 Joomla, Jtips 2 Joomla\!, Com Jtips 2017-09-19 7.5 HIGH N/A
SQL injection vulnerability in the jTips (com_jtips) component 1.0.7 and 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the season parameter in a ladder action to index.php.