Filtered by vendor Joomla
Subscriptions
Total
943 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-0795 | 3 Joomla, Mambo, Mgfi | 3 Joomla, Mambo, Xfaq | 2025-04-09 | N/A |
| SQL injection vulnerability in index.php in the MGFi XfaQ (com_xfaq) 1.2 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an answer action. | ||||
| CVE-2008-0772 | 2 Joomla, Mambo | 2 Com Doc, Com Doc | 2025-04-09 | N/A |
| SQL injection vulnerability in index.php in the com_doc component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the sid parameter in a view task. | ||||
| CVE-2008-0686 | 2 Joomla, Mambo | 2 Com Neoreferences, Com Neoreferences | 2025-04-09 | N/A |
| SQL injection vulnerability in index.php in the NeoReferences (com_neoreferences) 1.3.1 and 1.3.3 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter. | ||||
| CVE-2008-6653 | 3 Joomla, Mambo, Wh-com | 3 Joomla, Mambo, Com Webhosting | 2025-04-09 | N/A |
| SQL injection vulnerability in webhosting.php in the Webhosting Component (com_webhosting) module before 1.1 RC7 for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. | ||||
| CVE-2007-5309 | 2 Joomla, Webmaster-tips.net | 2 Joomla, Flash Image Gallery | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in admin.wmtgallery.php in the webmaster-tips.net Flash Image Gallery (com_wmtgallery) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter. | ||||
| CVE-2008-0653 | 1 Joomla | 1 Com Ynews | 2025-04-09 | N/A |
| SQL injection vulnerability in index.php in the Ynews (com_ynews) 1.0.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showYNews action. | ||||
| CVE-2007-4780 | 1 Joomla | 1 Joomla | 2025-04-09 | N/A |
| Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to obtain sensitive information (the full path) via unspecified vectors, probably involving direct requests to certain PHP scripts in tmpl/ directories. | ||||
| CVE-2007-1596 | 2 Joomla, Mambo | 2 Nfn Address Book, Nfn Address Book | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the NFN Address Book (com_nfn_addressbook) 0.4 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) components/com_nfn_addressbook/nfnaddressbook.php or (2) administrator/components/com_nfn_addressbook/nfnaddressbook.php. | ||||
| CVE-2008-0512 | 1 Joomla | 1 Com Fq | 2025-04-09 | N/A |
| SQL injection vulnerability in index.php in the fq (com_fq) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter. | ||||
| CVE-2006-6833 | 1 Joomla | 1 Joomla | 2025-04-09 | N/A |
| com_categories in Joomla! before 1.0.12 does not validate input, which has unknown impact and remote attack vectors. | ||||
| CVE-2008-0511 | 2 Joomla, Mambo | 2 Com Mamml, Com Mamml | 2025-04-09 | N/A |
| SQL injection vulnerability in index.php in the MaMML (com_mamml) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter. | ||||
| CVE-2008-5875 | 2 Joomla, Joomlahbs | 3 Joomla, Com Lowcosthotels, Hotel Booking Reservation System | 2025-04-09 | N/A |
| SQL injection vulnerability in the com_lowcosthotels component in the Hotel Booking Reservation System (aka HBS) for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showhoteldetails action to index.php. | ||||
| CVE-2007-6643 | 1 Joomla | 1 Joomla | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the com_poll component in Joomla! before 1.5 RC4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2007-6644 | 1 Joomla | 1 Joomla | 2025-04-09 | N/A |
| Joomla! before 1.5 RC4 allows remote authenticated administrators to promote arbitrary users to the administrator group, in violation of the intended security model. | ||||
| CVE-2008-5494 | 2 Digitalgreys, Joomla | 2 Com Contactinfo, Joomla | 2025-04-09 | N/A |
| SQL injection vulnerability in the Contact Information Module (com_contactinfo) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. | ||||
| CVE-2008-4104 | 1 Joomla | 1 Joomla | 2025-04-09 | N/A |
| Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a "passed in" URL. | ||||
| CVE-2010-0157 | 2 Joomla, Joomlabiblestudy | 2 Joomla\!, Com Biblestudy | 2025-04-09 | N/A |
| Directory traversal vulnerability in the Bible Study (com_biblestudy) component 6.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter in a studieslist action to index.php. | ||||
| CVE-2009-2290 | 2 Joomla, Kim Eckert | 2 Joomla\!, Com Bsadv | 2025-04-09 | N/A |
| SQL injection vulnerability in the Boy Scout Advancement (com_bsadv) component 0.3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a (1) account or (2) event task to index.php. | ||||
| CVE-2008-6489 | 2 Huseyin Bora Abaci, Joomla | 2 Com Myalbum, Joomla | 2025-04-09 | N/A |
| SQL injection vulnerability in MyAlbum component (com_myalbum) 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the album parameter to index.php. | ||||
| CVE-2009-3835 | 2 Joomla, Whorl Ltd | 2 Joomla, Jshop | 2025-04-09 | N/A |
| SQL injection vulnerability in the JShop (com_jshop) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter in a product action to index.php. | ||||