Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Joomla Subscribe
Filtered by product Joomla\!
Total 578 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-6379 1 Joomla 1 Joomla\! 2018-02-13 4.3 MEDIUM 6.1 MEDIUM
In Joomla! before 3.8.4, inadequate input filtering in the Uri class (formerly JUri) leads to an XSS vulnerability.
CVE-2017-16634 1 Joomla 1 Joomla\! 2017-11-28 7.5 HIGH 9.8 CRITICAL
In Joomla! before 3.8.2, a bug allowed third parties to bypass a user's 2-factor authentication method.
CVE-2017-16633 1 Joomla 1 Joomla\! 2017-11-28 4.0 MEDIUM 4.3 MEDIUM
In Joomla! before 3.8.2, a logic bug in com_fields exposed read-only information about a site's custom fields to unauthorized users.
CVE-2006-5048 2 Joomla, Waltercedric 2 Joomla\!, Com Securityimages 2017-10-18 6.8 MEDIUM N/A
Multiple PHP remote file inclusion vulnerabilities in Security Images (com_securityimages) component 3.0.5 and earlier for Joomla! allow remote attackers to execute arbitrary code via a URL in the mosConfig_absolute_path parameter in (1) configinsert.php, (2) lang.php, (3) client.php, and (4) server.php.
CVE-2006-5043 2 Joomla, Joomlaboard 2 Joomla\!, Joomlaboard 2017-10-10 6.8 MEDIUM N/A
Multiple PHP remote file inclusion vulnerabilities in the Joomlaboard Forum Component (com_joomlaboard) before 1.1.2 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the sbp parameter to (1) file_upload.php or (2) image_upload.php, a variant of CVE-2006-3528.
CVE-2009-1822 2 Gonzalo Maser, Joomla 2 Com Artforms, Joomla\! 2017-09-28 7.5 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in the InterJoomla ArtForms (com_artforms) component 2.1b7 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) imgcaptcha.php or (2) mp3captcha.php in assets/captcha/includes/captchaform/, or (3) assets/captcha/includes/captchatalk/swfmovie.php.
CVE-2009-1736 1 Joomla 2 Com Gsticketsystem, Joomla\! 2017-09-28 7.5 HIGH N/A
SQL injection vulnerability in the GridSupport (GS) Ticket System (com_gsticketsystem) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a viewCategory action to index.php.
CVE-2009-1499 1 Joomla 2 Com Mailto, Joomla\! 2017-09-28 7.5 HIGH N/A
SQL injection vulnerability in the MailTo (aka com_mailto) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the article parameter in index.php. NOTE: SecurityFocus states that this issue has been disputed by the vendor.
CVE-2009-3342 2 Alphaplug, Joomla 2 Com Alphauserpoints, Joomla\! 2017-09-28 7.5 HIGH N/A
SQL injection vulnerability in frontend/assets/ajax/checkusername.php in the AlphaUserPoints (com_alphauserpoints) component 1.5.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the username2points parameter.
CVE-2008-6182 1 Joomla 2 Ignitegallery, Joomla\! 2017-09-28 7.5 HIGH N/A
SQL injection vulnerability in the Ignite Gallery (com_ignitegallery) component 0.8.0 through 0.8.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gallery parameter in a view action to index.php.
CVE-2008-7169 2 Jabode, Joomla 2 Com Jabode, Joomla\! 2017-09-28 7.5 HIGH N/A
SQL injection vulnerability in Jabode horoscope extension (com_jabode) for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a sign task to index.php.
CVE-2008-6881 2 Joomla, Joompolitan 2 Joomla\!, Com Livechat 2017-09-28 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in the Live Chat (com_livechat) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the last parameter to (1) getChat.php, (2) getChatRoom.php, and (3) getSavedChatRooms.php.
CVE-2008-6852 2 Joomla, Markus Donhauser 2 Joomla\!, Ice Gallery Component For Joomla 2017-09-28 7.5 HIGH N/A
SQL injection vulnerability in the Ice Gallery (com_ice) component 0.5 beta 2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
CVE-2008-4764 2 Extplorer, Joomla 2 Com Extplorer, Joomla\! 2017-09-28 5.0 MEDIUM N/A
Directory traversal vulnerability in the eXtplorer module (com_extplorer) 2.0.0 RC2 and earlier in Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter in a show_error action.
CVE-2008-3498 2 Joomla, Netshinesoftware 2 Joomla\!, Com Netinvoice 2017-09-28 7.5 HIGH N/A
SQL injection vulnerability in the nBill (com_netinvoice) component 1.2.0 SP1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in an orders action to index.php. NOTE: some of these details are obtained from third party information.
CVE-2008-1559 2 Bernard Gilly, Joomla 2 Com Alphacontent, Joomla\! 2017-09-28 6.8 MEDIUM N/A
SQL injection vulnerability in the Bernard Gilly AlphaContent (com_alphacontent) 2.5.8 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.
CVE-2008-1465 3 Detodas, Joomla, Mambo-foundation 3 Com Restaurante, Joomla\!, Mambo 2017-09-28 9.3 HIGH N/A
SQL injection vulnerability in the Detodas Restaurante (com_restaurante) 1.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php, a different product than CVE-2008-0562.
CVE-2008-0801 3 Joomla, Mambo-foundation, Paxxgallery 3 Joomla\!, Mambo, Com Paxxgallery 2017-09-28 7.5 HIGH N/A
SQL injection vulnerability in index.php in the PAXXGallery (com_paxxgallery) 0.2 component for Mambo and Joomla! allow remote attackers to execute arbitrary SQL commands via (1) the iid parameter in a view action, and possibly (2) the userid parameter.
CVE-2017-14596 1 Joomla 1 Joomla\! 2017-09-27 5.0 MEDIUM 9.8 CRITICAL
In Joomla! before 3.8.0, inadequate escaping in the LDAP authentication plugin can result in a disclosure of a username and password.
CVE-2015-5608 1 Joomla 1 Joomla\! 2017-09-22 5.8 MEDIUM 6.1 MEDIUM
Open redirect vulnerability in Joomla! CMS 3.0.0 through 3.4.1.