Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Joomla Subscribe
Total 912 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-2633 1 Joomla 2 Com Joomradio, Joomla 2018-10-11 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in the EXP JoomRadio (com_joomradio) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) show_radio or (2) show_video action to index.php.
CVE-2008-2454 1 Joomla 1 Com Xsstream-dm 2018-10-11 7.5 HIGH N/A
SQL injection vulnerability in the xsstream-dm (com_xsstream-dm) component 0.01 Beta for Joomla! allows remote attackers to execute arbitrary SQL commands via the movie parameter to index.php.
CVE-2008-1733 2 Joomla, Pragmaticutopia 2 Joomla, Com Puarcade 2018-10-11 7.5 HIGH N/A
SQL injection vulnerability in puarcade.class.php 2.2 and earlier in the Pragmatic Utopia PU Arcade (com_puarcade) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the gid parameter to index.php.
CVE-2008-1137 2 Joomla, Mambo 2 Com Garyscookbook, Com Garyscookbook 2018-10-11 7.5 HIGH N/A
SQL injection vulnerability in the Garys Cookbook (com_garyscookbook) 1.1.1 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
CVE-2011-0005 1 Joomla 2 Com Search, Joomla\! 2018-10-10 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the com_search module for Joomla! 1.0.x through 1.0.15 allows remote attackers to inject arbitrary web script or HTML via the ordering parameter to index.php.
CVE-2010-5280 2 Joomla, Joomla-cbe 2 Joomla\!, Com Cbe 2018-10-10 7.5 HIGH N/A
Directory traversal vulnerability in the Community Builder Enhanced (CBE) (com_cbe) component 1.4.8, 1.4.9, and 1.4.10 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tabname parameter in a userProfile action to index.php. NOTE: this can be leveraged to execute arbitrary code by using the file upload feature.
CVE-2010-4941 2 Joomla, Joomlamo 2 Joomla\!, Com Teams 2018-10-10 7.5 HIGH N/A
SQL injection vulnerability in the Teams (com_teams) component 1_1028_100809_1711 for Joomla! allows remote attackers to execute arbitrary SQL commands via the PlayerID parameter in a player save action to index.php.
CVE-2010-4977 2 Joomla, Miniwork 2 Joomla\!, Com Canteen 2018-10-10 7.5 HIGH N/A
SQL injection vulnerability in menu.php in the Canteen (com_canteen) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the mealid parameter to index.php.
CVE-2010-4937 2 Joomla, Robitbt 2 Joomla\!, Com Amblog 2018-10-10 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in the Amblog (com_amblog) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) articleid or (2) catid parameter to index.php.
CVE-2010-4865 2 Harmistechnology, Joomla 2 Com Jeguestbook, Joomla\! 2018-10-10 7.5 HIGH N/A
SQL injection vulnerability in the JE Guestbook (com_jeguestbook) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the d_itemid parameter in an item_detail action to index.php.
CVE-2010-4926 2 Joomla, Timetrack 2 Joomla\!, Com Timetrack 2018-10-10 7.5 HIGH N/A
SQL injection vulnerability in the TimeTrack (com_timetrack) component 1.2.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the ct_id parameter in a timetrack action to index.php.
CVE-2010-5048 2 Joomla, Joomlatune 2 Joomla\!, Com Jcomments 2018-10-10 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in admin.jcomments.php in the JoomlaTune JComments (com_jcomments) component 2.1.0.0 for Joomla! allows remote authenticated users to inject arbitrary web script or HTML via the name parameter to index.php.
CVE-2010-2846 2 Gonzalo Maser, Joomla 2 Com Artforms, Joomla\! 2018-10-10 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the afmsg parameter to index.php.
CVE-2010-2847 2 Gonzalo Maser, Joomla 2 Com Artforms, Joomla\! 2018-10-10 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allow remote attackers to execute arbitrary SQL commands via the viewform parameter in a (1) ferforms or (2) tferforms action to index.php, and the (3) id parameter in a vferforms action to index.php.
CVE-2010-2851 2 Joomla, Ordasoft 2 Joomla\!, Com Booklibrary 2018-10-10 7.5 HIGH N/A
SQL injection vulnerability in the BookLibrary From Same Author (com_booklibrary) module 1.5 and possibly earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.
CVE-2010-2848 2 Gonzalo Maser, Joomla 2 Com Artforms, Joomla\! 2018-10-10 5.0 MEDIUM N/A
Directory traversal vulnerability in assets/captcha/includes/alikon/playcode.php in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the l parameter.
CVE-2010-2909 2 Joomla, Toughtomato 2 Joomla\!, Com Ttvideo 2018-10-10 7.5 HIGH N/A
SQL injection vulnerability in ttvideo.php in the TTVideo (com_ttvideo) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in a video action to index.php.
CVE-2010-2678 2 Guillermo Vargas, Joomla 2 Com Xmap, Joomla\! 2018-10-10 7.5 HIGH N/A
SQL injection vulnerability in xmap (com_xmap) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.
CVE-2010-2679 1 Joomla 2 Com Weblinks, Joomla\! 2018-10-10 7.5 HIGH N/A
SQL injection vulnerability in the Weblinks (com_weblinks) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.
CVE-2010-2122 2 Joelrowley, Joomla 2 Com Simpledownload, Joomla\! 2018-10-10 6.8 MEDIUM N/A
Directory traversal vulnerability in the SimpleDownload (com_simpledownload) component before 0.9.6 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.