Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Joomla Subscribe
Filtered by product Joomla\!
Total 578 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-4938 2 Joomla, Warphd 2 Joomla\!, Com Jvideo 2017-09-18 7.5 HIGH N/A
SQL injection vulnerability in the JVideo! (com_jvideo) component 0.3.11c Beta and 0.3.x for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter in a user action to index.php.
CVE-2009-4628 2 Joomla, Templateplaza 2 Joomla\!, Com Tpdugg 2017-09-18 7.5 HIGH N/A
SQL injection vulnerability in the TemplatePlaza.com TPDugg (com_tpdugg) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a tags action to index.php.
CVE-2009-4625 2 Joomla, Tamlyncreative 2 Joomla\!, Com Bfsurvey Profree 2017-09-18 7.5 HIGH N/A
SQL injection vulnerability in the updateOnePage function in components/com_bfsurvey_pro/controller.php in BF Survey Pro Free (com_bfsurvey_profree) 1.2.4, and other versions before 1.2.6, a component for Joomla!, allows remote attackers to execute arbitrary SQL commands via the table parameter in an updateOnePage action to index.php.
CVE-2009-4620 2 Joomla, Joomloc 2 Joomla\!, Com Joomloc 2017-09-18 7.5 HIGH N/A
SQL injection vulnerability in the Joomloc (com_joomloc) component 1.0 for Joomla allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit task to index.php.
CVE-2009-4619 2 Joomla, Lucygames 2 Joomla\!, Com Lucygames 2017-09-18 7.5 HIGH N/A
SQL injection vulnerability in the Lucy Games (com_lucygames) component 1.5.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gameid parameter in a game action to index.php. NOTE: some of these details are obtained from third party information.
CVE-2009-3335 2 Joomla, Turtus 2 Joomla\!, Turtushout 2017-09-18 7.5 HIGH N/A
SQL injection vulnerability in the TurtuShout component 0.11 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Name field.
CVE-2009-3334 2 Joomla, Lhacky 2 Joomla\!, Com Jinc 2017-09-18 7.5 HIGH N/A
SQL injection vulnerability in the Lhacky! Extensions Cave Joomla! Integrated Newsletters Component (aka JINC or com_jinc) component 0.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a messages action to index.php.
CVE-2009-4550 2 Joomla, Kunena 2 Joomla\!, Kunena Forum 2017-09-18 7.5 HIGH N/A
SQL injection vulnerability in the Kunena Forum (com_kunena) component 1.5.3 and 1.5.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the func parameter to index.php.
CVE-2009-4475 2 Joomla, Joomlub 2 Joomla\!, Com Joomlub 2017-09-18 7.5 HIGH N/A
SQL injection vulnerability in the Joomlub (com_joomlub) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an auction edit action to index.php.
CVE-2009-2601 2 Joomla, Joomlaequipment 2 Joomla\!, Juser 2017-09-18 7.5 HIGH N/A
SQL injection vulnerability in the Joomlaequipment (aka JUser or com_juser) component 2.0.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a show_profile action to index.php.
CVE-2009-2567 2 Almondsoft, Joomla 2 Almond Classifieds, Joomla\! 2017-09-18 7.5 HIGH N/A
SQL injection vulnerability in the Almond Classifieds (com_aclassf) component 5.6.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
CVE-2009-4202 2 Joomla, Omilenitsolutions 2 Joomla\!, Com Omphotogallery 2017-09-18 7.5 HIGH N/A
Directory traversal vulnerability in the Omilen Photo Gallery (com_omphotogallery) component Beta 0.5 for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the controller parameter to index.php.
CVE-2009-4200 2 Joomla, Vollmar 2 Joomla\!, Com Seminar 2017-09-18 7.5 HIGH N/A
SQL injection vulnerability in the Seminar (com_seminar) component 1.28 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a View_seminar action to index.php.
CVE-2009-4199 3 Joomla, Mambo-foundation, Mamboforge 3 Joomla\!, Mambo, Com Mosres 2017-09-18 6.8 MEDIUM N/A
Multiple SQL injection vulnerabilities in the Mambo Resident (aka Mos Res or com_mosres) component 1.0f for Mambo and Joomla!, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) property_uid parameter in a viewproperty action to index.php and the (2) regID parameter in a showregion action to index.php.
CVE-2009-2395 2 Joomla, Joomlaworks 2 Joomla\!, Com K2 2017-09-18 7.5 HIGH N/A
SQL injection vulnerability in the K2 (com_k2) component 1.0.1 Beta and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the category parameter in an itemlist action to index.php.
CVE-2009-3972 2 Joomla, Qproje 2 Joomla\!, Com Siirler 2017-09-18 7.5 HIGH N/A
SQL injection vulnerability in the Q-Proje Siirler Bileseni (com_siirler) component 1.2 RC for Joomla! allows remote attackers to execute arbitrary SQL commands via the sid parameter in an sdetay action to index.php.
CVE-2009-3971 2 Joomla, Jtips 2 Joomla\!, Com Jtips 2017-09-18 7.5 HIGH N/A
SQL injection vulnerability in the jTips (com_jtips) component 1.0.7 and 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the season parameter in a ladder action to index.php.
CVE-2009-3964 2 Joomla, Ninjaforge 2 Joomla\!, Com Ninjamonials 2017-09-18 7.5 HIGH N/A
SQL injection vulnerability in the NinjaMonials (com_ninjacentral) component 1.1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the testimID parameter in a display action to index.php.
CVE-2009-3417 2 Idojoomla, Joomla 2 Com Idoblog, Joomla\! 2017-09-18 7.5 HIGH N/A
SQL injection vulnerability in the IDoBlog (com_idoblog) component 1.1 build 30 for Joomla! allows remote attackers to execute arbitrary SQL commands via the userid parameter in a profile action to index.php, a different vector than CVE-2008-2627.
CVE-2015-7858 1 Joomla 1 Joomla\! 2017-09-12 7.5 HIGH N/A
SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7297.