Filtered by vendor Joomla
Subscribe
Total
937 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-4074 | 1 Joomla | 1 Jd-wiki | 2025-04-03 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in lib/tpl/default/main.php in the JD-Wiki Component (com_jd-wiki) 1.0.2 and earlier for Joomla!, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2006-4468 | 1 Joomla | 1 Joomla\! | 2025-04-03 | 6.8 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related to unvalidated input, allow attackers to have an unknown impact via unspecified vectors involving the (1) mosMail, (2) JosIsValidEmail, and (3) josSpoofValue functions; (4) the lack of inclusion of globals.php in administrator/index.php; (5) the Admin User Manager; and (6) the poll module. | |||||
| CVE-2006-3481 | 1 Joomla | 1 Joomla | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Joomla! before 1.0.10 allow remote attackers to execute arbitrary SQL commands via unspecified parameters involving the (1) "Remember Me" function, (2) "Related Items" module, and the (3) "Weblinks submission". | |||||
| CVE-2006-2960 | 1 Joomla | 1 Joomla | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/joomla.php in Joomla! 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the includepath parameter. | |||||
| CVE-2006-4229 | 2 Joomla, Mambo | 2 Moslistmessenger Component, Moslistmessenger Component | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in archive.php in the mosListMessenger Component (com_lm) before 20060719 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2006-4474 | 1 Joomla | 1 Joomla | 2025-04-03 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.11 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in (1) Admin Module Manager, (2) Admin Help, and (3) Search. | |||||
| CVE-2006-4476 | 1 Joomla | 1 Joomla | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related to "Injection Flaws," allow attackers to have an unknown impact via (1) globals.php, which uses include_once() instead of require(); (2) the $options variable; (3) Admin Upload Image; (4) ->load(); (5) content submissions when frontpage is selected; (6) the mosPageNav constructor; (7) saveOrder functions; (8) the absence of "exploit blocking rules" in htaccess; and (9) the ACL. | |||||
| CVE-2006-1049 | 1 Joomla | 1 Joomla | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the Admin functionality in Joomla! 1.0.7 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via unknown attack vectors. | |||||
| CVE-2006-4469 | 1 Joomla | 1 Joomla\! | 2025-04-03 | 7.5 HIGH | N/A |
| Unspecified vulnerability in PEAR.php in Joomla! before 1.0.11 allows remote attackers to perform "remote execution," related to "Injection Flaws." | |||||
| CVE-2006-4466 | 1 Joomla | 1 Joomla | 2025-04-03 | 5.0 MEDIUM | N/A |
| Joomla! before 1.0.11 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to have an unspecified impact. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in Joomla!. | |||||
| CVE-2006-4378 | 1 Joomla | 1 Rssxt Component | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the Rssxt component for Joomla! (com_rssxt), possibly 2.0 Beta 1 or 1.0 and earlier, allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) pinger.php, (2) RPC.php, or (3) rssxt.php. NOTE: another researcher has disputed this issue, saying that the attacker can not control this parameter. In addition, as of 20060825, the original researcher has appeared to be unreliable with some other past reports. CVE has not performed any followup analysis with respect to this issue | |||||
| CVE-2006-1957 | 2 Joomla, Mambo-foundation | 2 Joomla\!, Mambo | 2025-04-03 | 5.0 MEDIUM | N/A |
| The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows remote attackers to cause a denial of service (disk consumption and possibly web-server outage) via multiple requests with different values of the feed parameter. | |||||
| CVE-2006-4475 | 1 Joomla | 1 Joomla | 2025-04-03 | 7.5 HIGH | N/A |
| Joomla! before 1.0.11 does not limit access to the Admin Popups functionality, which has unknown impact and attack vectors. | |||||
| CVE-2024-21724 | 1 Joomla | 1 Joomla\! | 2025-03-27 | N/A | 6.1 MEDIUM |
| Inadequate input validation for media selection fields lead to XSS vulnerabilities in various extensions. | |||||
| CVE-2023-23751 | 1 Joomla | 1 Joomla\! | 2025-03-26 | N/A | 4.3 MEDIUM |
| An issue was discovered in Joomla! 4.0.0 through 4.2.4. A missing ACL check allows non super-admin users to access com_actionlogs. | |||||
| CVE-2023-23750 | 1 Joomla | 1 Joomla\! | 2025-03-26 | N/A | 6.3 MEDIUM |
| An issue was discovered in Joomla! 4.0.0 through 4.2.6. A missing token check causes a CSRF vulnerability in the handling of post-installation messages. | |||||
| CVE-2024-26279 | 1 Joomla | 1 Joomla\! | 2025-03-25 | N/A | 6.1 MEDIUM |
| The wrapper extensions do not correctly validate inputs, leading to XSS vectors. | |||||
| CVE-2024-21729 | 1 Joomla | 1 Joomla\! | 2025-03-25 | N/A | 6.1 MEDIUM |
| Inadequate input validation leads to XSS vulnerabilities in the accessiblemedia field. | |||||
| CVE-2024-21730 | 1 Joomla | 1 Joomla\! | 2025-03-19 | N/A | 5.4 MEDIUM |
| The fancyselect list field layout does not correctly escape inputs, leading to a self-XSS vector. | |||||
| CVE-2024-26278 | 1 Joomla | 1 Joomla\! | 2025-03-13 | N/A | 6.1 MEDIUM |
| The Custom Fields component not correctly filter inputs, leading to a XSS vector. | |||||