Filtered by vendor Joomla
Subscriptions
Filtered by product Joomla
Subscriptions
Total
227 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-6429 | 2 Joomla, Mike Leeper | 2 Joomla, Com Prayercenter | 2025-04-09 | N/A |
| SQL injection vulnerability in the PrayerCenter (com_prayercenter) component 1.4.9 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view_request action to index2.php. | ||||
| CVE-2006-6833 | 1 Joomla | 1 Joomla | 2025-04-09 | N/A |
| com_categories in Joomla! before 1.0.12 does not validate input, which has unknown impact and remote attack vectors. | ||||
| CVE-2009-2782 | 2 Jfusion, Joomla | 2 Com Jfusion, Joomla | 2025-04-09 | N/A |
| SQL injection vulnerability in the JFusion (com_jfusion) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php. | ||||
| CVE-2009-1263 | 2 Alikonweb, Joomla | 2 Com Bookjoomlas, Joomla | 2025-04-09 | N/A |
| SQL injection vulnerability in sub_commententry.php in the BookJoomlas (com_bookjoomlas) component 0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gbid parameter in a comment action to index.php. | ||||
| CVE-2008-1849 | 3 Joomla, Joomlacode, Mambo | 3 Joomla, Joomlaexplorer, Mambo | 2025-04-09 | N/A |
| Directory traversal vulnerability in index.php in the joomlaXplorer (com_joomlaxplorer) Mambo/Joomla! component 1.6.2 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the dir parameter in a show_error action. | ||||
| CVE-2008-5671 | 1 Joomla | 1 Joomla | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in index.php in Joomla! 1.0.11 through 1.0.14, when RG_EMULATION is enabled in configuration.php, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | ||||
| CVE-2008-5643 | 2 Joomla, Mambo | 3 Com Books, Joomla, Mambo | 2025-04-09 | N/A |
| SQL injection vulnerability in the Books (com_books) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the book_id parameter in a book_details action to index.php. | ||||
| CVE-2009-2635 | 2 Joomla, Ordasoft | 2 Joomla, Com Realestatemanager | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in toolbar_ext.php in the RealEstateManager (com_realestatemanager) component 1.0 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | ||||
| CVE-2008-6923 | 1 Joomla | 2 Com Content, Joomla | 2025-04-09 | N/A |
| SQL injection vulnerability in the content component (com_content) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a blogcategory action to index.php. | ||||
| CVE-2008-5607 | 2 Joomitaly, Joomla | 2 Jmovies, Joomla | 2025-04-09 | N/A |
| SQL injection vulnerability in the JMovies (aka JM or com_jmovies) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. | ||||
| CVE-2008-2676 | 1 Joomla | 2 Com News Portal, Joomla | 2025-04-09 | N/A |
| SQL injection vulnerability in the iJoomla News Portal (com_news_portal) component 1.0 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php. | ||||
| CVE-2008-6653 | 3 Joomla, Mambo, Wh-com | 3 Joomla, Mambo, Com Webhosting | 2025-04-09 | N/A |
| SQL injection vulnerability in webhosting.php in the Webhosting Component (com_webhosting) module before 1.1 RC7 for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. | ||||
| CVE-2009-2634 | 2 Joomla, Ordasoft | 2 Joomla, Com Medialibrary | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in toolbar_ext.php in the MediaLibrary (com_media_library) component 1.5.3 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | ||||
| CVE-2009-4428 | 2 Joomla, Joomplace | 2 Joomla, Com Joomportfolio | 2025-04-09 | N/A |
| SQL injection vulnerability in the JoomPortfolio (com_joomportfolio) component 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the secid parameter in a showcat action to index.php. | ||||
| CVE-2009-4573 | 2 Joomla, Joomlabear | 2 Joomla, Mod Joomulus | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Joomulus (mod_joomulus) module 2.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the tagcloud parameter in a tags action to (1) tagcloud_ell.swf, (2) tagcloud_eng.swf, (3) tagcloud_por.swf, (4) tagcloud_rus.swf, and possibly (5) tagcloud_jpn.swf. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-4184 | 1 Joomla | 1 Joomla | 2025-04-09 | N/A |
| SQL injection vulnerability in administrator/popups/pollwindow.php in Joomla! 1.0.12 allows remote attackers to execute arbitrary SQL commands via the pollid parameter. | ||||
| CVE-2009-0329 | 1 Joomla | 2 Com Pccookbook, Joomla | 2025-04-09 | N/A |
| SQL injection vulnerability in the PcCookBook (com_pccookbook) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the recipe_id parameter in a viewrecipe action to index.php, a different vector than CVE-2008-0844. | ||||
| CVE-2009-0333 | 1 Joomla | 2 Com Waticketsystem, Joomla | 2025-04-09 | N/A |
| SQL injection vulnerability in the WebAmoeba (WA) Ticket System (com_waticketsystem) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action to index.php. | ||||
| CVE-2007-4780 | 1 Joomla | 1 Joomla | 2025-04-09 | N/A |
| Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to obtain sensitive information (the full path) via unspecified vectors, probably involving direct requests to certain PHP scripts in tmpl/ directories. | ||||
| CVE-2009-1848 | 2 Joomla, Joomlame | 2 Joomla, Com Agoragroup | 2025-04-09 | N/A |
| SQL injection vulnerability in the JoomlaMe AgoraGroups (aka AG or com_agoragroup) component 0.3.5.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a groupdetail action to index.php. | ||||