Filtered by vendor Joomla
Subscriptions
Filtered by product Joomla
Subscriptions
Total
215 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2010-0158 | 2 Joomla, Joomlabamboo | 2 Joomla, Jb Simpla | 2024-05-17 | N/A |
SQL injection vulnerability in the JoomlaBamboo (JB) Simpla Admin template for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an article action to the com_content component, reachable through index.php. NOTE: the vendor disputes this report, saying: "JoomlaBamboo has investigated this report, and it is incorrect. There is no SQL injection vulnerability involving the id parameter in an article view, and there never was. JoomlaBamboo customers have no reason to be concerned about this report. | ||||
CVE-2009-0380 | 3 Joomla, Mambo-foundation, Sigsiu.net | 3 Joomla, Mambo, Sobi2 | 2024-05-17 | N/A |
SQL injection vulnerability in the Sigsiu Online Business Index 2 (SOBI2, com_sobi2) RC 2.8.2 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the bid parameter in a showbiz action to index.php, a different vector than CVE-2008-0607. NOTE: CVE disputes this issue, since neither "showbiz" nor "bid" appears in the source code for SOBI2 | ||||
CVE-2007-5389 | 2 Joomla, Swmenupro | 2 Joomla, Swmenufree | 2024-05-17 | N/A |
PHP remote file inclusion vulnerability in preview.php in the swMenuFree (com_swmenufree) 4.6 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: a reliable third party disputes this issue because preview.php tests a certain constant to prevent direct requests | ||||
CVE-2006-1956 | 2 Joomla, Mambo | 2 Joomla, Mambo | 2024-02-14 | N/A |
The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows remote attackers to obtain sensitive information via an invalid feed parameter, which reveals the path in an error message. | ||||
CVE-2006-0114 | 1 Joomla | 1 Joomla | 2023-11-07 | N/A |
The vCard functions in Joomla! 1.0.5 use predictable sequential IDs for vcards and do not restrict access to them, which allows remote attackers to obtain valid e-mail addresses to conduct spam attacks by modifying the contact_id parameter to index2.php. | ||||
CVE-2009-4789 | 2 Joomla, Mojoblog | 2 Joomla, Mojoblog | 2022-10-03 | N/A |
Multiple PHP remote file inclusion vulnerabilities in the MojoBlog component RC 0.15 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) wp-comments-post.php and (2) wp-trackback.php. | ||||
CVE-2009-3443 | 2 Fastballproductions, Joomla | 2 Com Fastball, Joomla | 2022-10-03 | N/A |
SQL injection vulnerability in the Fastball (com_fastball) component 1.1.0 through 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the league parameter to index.php. | ||||
CVE-2009-3481 | 2 Isygen, Joomla | 2 Com Icrmbasic, Joomla | 2022-10-03 | N/A |
A certain interface in the iCRM Basic (com_icrmbasic) component 1.4.2.31 for Joomla! does not require administrative authentication, which has unspecified impact and remote attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
CVE-2006-0303 | 1 Joomla | 1 Joomla | 2022-10-03 | N/A |
Multiple unspecified vulnerabilities in the (1) publishing component, (2) Contact Component, (3) TinyMCE Compressor, and (4) other components in Joomla! 1.0.5 and earlier have unknown impact and attack vectors. | ||||
CVE-2006-7008 | 1 Joomla | 1 Joomla | 2022-10-03 | N/A |
Unspecified vulnerability in Joomla! before 1.0.10 has unknown impact and attack vectors, related to "securing mosmsg from misuse." NOTE: it is possible that this issue overlaps CVE-2006-1029. | ||||
CVE-2006-7009 | 1 Joomla | 1 Joomla | 2022-10-03 | N/A |
Joomla! before 1.0.10 allows remote attackers to spoof the frontend submission forms, which has unknown impact and attack vectors. | ||||
CVE-2006-1047 | 1 Joomla | 1 Joomla | 2022-10-03 | N/A |
Unspecified vulnerability in the "Remember Me login functionality" in Joomla! 1.0.7 and earlier has unknown impact and attack vectors. | ||||
CVE-2006-2960 | 1 Joomla | 1 Joomla | 2018-10-18 | N/A |
PHP remote file inclusion vulnerability in includes/joomla.php in Joomla! 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the includepath parameter. | ||||
CVE-2006-1029 | 1 Joomla | 1 Joomla | 2018-10-18 | N/A |
The cross-site scripting (XSS) countermeasures in class.inputfilter.php in Joomla! 1.0.7 allow remote attackers to cause a denial of service via a crafted mosmsg parameter to index.php with a malformed sequence of multiple tags, as demonstrated using "<<>AAA<><>", possibly due to nested or empty tags. | ||||
CVE-2006-1028 | 1 Joomla | 1 Joomla | 2018-10-18 | N/A |
feedcreator.class.php (aka the syndication component) in Joomla! 1.0.7 allows remote attackers to cause a denial of service (stressed file cache) by creating many files via filenames in the feed parameter to index.php. | ||||
CVE-2006-1027 | 1 Joomla | 1 Joomla | 2018-10-18 | N/A |
feedcreator.class.php (aka the syndication component) in Joomla! 1.0.7 allows remote attackers to obtain sensitive information via a "/" (slash) in the feed parameter to index.php, which reveals the path in an error message. | ||||
CVE-2007-2199 | 4 Cjg Explorer Pro, Joomla, Nx and 1 more | 4 Cjg Explorer Pro, Joomla, N X Wcms and 1 more | 2018-10-16 | N/A |
PHP remote file inclusion vulnerability in lib/pcltar.lib.php (aka pcltar.php) in the PclTar module 1.3 and 1.3.1 for Vincent Blavet PhpConcept Library, as used in multiple products including (1) Joomla! 1.5.0 Beta, (2) N/X Web Content Management System (WCMS) 4.5, (3) CJG EXPLORER PRO 3.3, and (4) phpSiteBackup 0.1, allows remote attackers to execute arbitrary PHP code via a URL in the g_pcltar_lib_dir parameter. | ||||
CVE-2007-0387 | 1 Joomla | 1 Joomla | 2018-10-16 | N/A |
SQL injection vulnerability in models/category.php in the Weblinks component for Joomla! SVN 20070118 (com_weblinks) allows remote attackers to execute arbitrary SQL commands via the catid parameter. | ||||
CVE-2007-0375 | 1 Joomla | 1 Joomla | 2018-10-16 | N/A |
Joomla! 1.5.0 Beta allows remote attackers to obtain sensitive information via a direct request for (1) plugins/user/example.php; (2) gmail.php, (3) example.php, or (4) ldap.php in plugins/authentication/; (5) modules/mod_mainmenu/menu.php; or other unspecified PHP scripts, which reveals the path in various error messages, related to a jimport function call at the beginning of each script. | ||||
CVE-2007-0374 | 2 Joomla, Mambo | 2 Joomla, Mambo | 2018-10-16 | N/A |
SQL injection vulnerability in (1) Joomla! 1.0.11 and 1.5 Beta, and (2) Mambo 4.6.1, allows remote attackers to execute arbitrary SQL commands via the id parameter when cancelling content editing. |