Filtered by vendor Joomla
Subscribe
Total
937 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-0694 | 2 Joomla, Percha | 2 Joomla, Com Perchagallery | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the PerchaGallery (com_perchagallery) component before 1.5b for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an editunidad action to index.php. | |||||
| CVE-2010-1532 | 2 Givesight, Joomla | 2 Com Powermail, Joomla\! | 2025-04-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the givesight PowerMail Pro (com_powermail) component 1.5.3 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. | |||||
| CVE-2010-0985 | 2 Chris Simon, Joomla | 2 Com Abbrev, Joomla\! | 2025-04-11 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the Abbreviations Manager (com_abbrev) component 1.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-1603 | 2 Joomla, Zimbllc | 2 Joomla\!, Com Zimbcore | 2025-04-11 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the ZiMB Core (aka ZiMBCore or com_zimbcore) component 0.1 in the ZiMB Manager collection for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. | |||||
| CVE-2010-1471 | 2 B-elektro, Joomla | 2 Com Addressbook, Joomla\! | 2025-04-11 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the AddressBook (com_addressbook) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | |||||
| CVE-2010-4937 | 2 Joomla, Robitbt | 2 Joomla\!, Com Amblog | 2025-04-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the Amblog (com_amblog) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) articleid or (2) catid parameter to index.php. | |||||
| CVE-2012-1612 | 1 Joomla | 1 Joomla\! | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the update manager in Joomla! 2.5.x before 2.5.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-5044 | 2 Joomla, Kanich | 2 Joomla\!, Com Searchlog | 2025-04-11 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in models/log.php in the Search Log (com_searchlog) component 3.1.0 for Joomla! allows remote authenticated users, with Public Back-end privileges, to execute arbitrary SQL commands via the search parameter in a log action to administrator/index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-4929 | 2 Joomla, Joostina-cms | 2 Joomla\!, Com Ezautos | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Joostina (com_ezautos) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the firstCode parameter in a helpers action to index.php. | |||||
| CVE-2010-1607 | 2 Joomla, Paysyspro | 2 Joomla\!, Com Wmi | 2025-04-11 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in wmi.php in the Webmoney Web Merchant Interface (aka WMI or com_wmi) component 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. | |||||
| CVE-2011-2889 | 1 Joomla | 1 Joomla\! | 2025-04-11 | 5.0 MEDIUM | N/A |
| templates/system/error.php in Joomla! before 1.5.23 might allow remote attackers to obtain sensitive information via unspecified vectors that trigger an undefined value of a certain error field, leading to disclosure of the installation path. NOTE: this might overlap CVE-2011-2488. | |||||
| CVE-2010-1468 | 2 Focusdev, Joomla | 2 Com Mv Restaurantmenumanager, Joomla\! | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Multi-Venue Restaurant Menu Manager (aka MVRMM or com_mv_restaurantmenumanager) component 1.5.2 Stable Update 3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the mid parameter in a menu_display action to index.php. | |||||
| CVE-2010-2044 | 2 Adhie Utomo, Joomla | 2 Com Konsultasi, Joomla\! | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Konsultasi (com_konsultasi) component 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the sid parameter in a detail action to index.php. | |||||
| CVE-2010-2535 | 1 Joomla | 1 Joomla\! | 2025-04-11 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Back End in Joomla! 1.5.x before 1.5.20 allow remote authenticated users to inject arbitrary web script or HTML via administrator screens. | |||||
| CVE-2010-1305 | 2 Joomla, Joomlamo | 2 Joomla\!, Com Jinventory | 2025-04-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in jinventory.php in the JInventory (com_jinventory) component 1.23.02 and possibly other versions before 1.26.03, a module for Joomla!, allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | |||||
| CVE-2010-1522 | 2 Joomla, Ordasoft | 2 Joomla\!, Com Booklibrary | 2025-04-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the BookLibrary Basic (com_booklibrary) component 1.5.3 before 1.5.3_2010_06_20 for Joomla! allow remote attackers to execute arbitrary SQL commands via the bid[] parameter in a (1) lend_request or (2) save_lend_request action to index.php, the id parameter in a (3) mdownload or (4) downitsf action to index.php, or (5) the searchtext parameter in a search action to index.php. | |||||
| CVE-2013-3267 | 1 Joomla | 1 Joomla\! | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the highlighter plugin in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-1081 | 2 Corejoomla, Joomla | 2 Com Communitypolls, Joomla\! | 2025-04-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the Community Polls (com_communitypolls) component 1.5.2, and possibly earlier, for Core Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | |||||
| CVE-2010-5032 | 2 Joomla, Tamlyncreative | 2 Joomla\!, Com Bfquiztrial | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the BF Quiz (com_bfquiztrial) component before 1.3.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a bfquiztrial action to index.php. | |||||
| CVE-2012-4868 | 2 Joomla, Kunena | 2 Joomla\!, Kunena | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in news.php in the Kunena component 1.7.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||