Filtered by vendor Joomla
Subscribe
Total
912 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-11324 | 1 Joomla | 1 Joomla\! | 2018-06-22 | 4.3 MEDIUM | 5.9 MEDIUM |
An issue was discovered in Joomla! Core before 3.8.8. A long running background process, such as remote checks for core or extension updates, could create a race condition where a session that was expected to be destroyed would be recreated. | |||||
CVE-2018-11322 | 1 Joomla | 1 Joomla\! | 2018-06-22 | 6.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Joomla! Core before 3.8.8. Depending on the server configuration, PHAR files might be handled as executable PHP scripts by the webserver. | |||||
CVE-2018-11321 | 1 Joomla | 1 Joomla\! | 2018-06-22 | 4.0 MEDIUM | 6.5 MEDIUM |
An issue was discovered in com_fields in Joomla! Core before 3.8.8. Inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option. | |||||
CVE-2018-8045 | 1 Joomla | 1 Joomla\! | 2018-04-09 | 6.5 MEDIUM | 8.8 HIGH |
In Joomla! 3.5.0 through 3.8.5, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the User Notes list view. | |||||
CVE-2018-6377 | 1 Joomla | 1 Joomla\! | 2018-02-13 | 4.3 MEDIUM | 6.1 MEDIUM |
In Joomla! before 3.8.4, inadequate input filtering in com_fields leads to an XSS vulnerability in multiple field types, i.e., list, radio, and checkbox | |||||
CVE-2018-6376 | 1 Joomla | 1 Joomla\! | 2018-02-13 | 7.5 HIGH | 9.8 CRITICAL |
In Joomla! before 3.8.4, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Hathor postinstall message. | |||||
CVE-2018-6380 | 1 Joomla | 1 Joomla\! | 2018-02-13 | 4.3 MEDIUM | 6.1 MEDIUM |
In Joomla! before 3.8.4, lack of escaping in the module chromes leads to XSS vulnerabilities in the module system. | |||||
CVE-2018-6379 | 1 Joomla | 1 Joomla\! | 2018-02-13 | 4.3 MEDIUM | 6.1 MEDIUM |
In Joomla! before 3.8.4, inadequate input filtering in the Uri class (formerly JUri) leads to an XSS vulnerability. | |||||
CVE-2017-16634 | 1 Joomla | 1 Joomla\! | 2017-11-28 | 7.5 HIGH | 9.8 CRITICAL |
In Joomla! before 3.8.2, a bug allowed third parties to bypass a user's 2-factor authentication method. | |||||
CVE-2017-16633 | 1 Joomla | 1 Joomla\! | 2017-11-28 | 4.0 MEDIUM | 4.3 MEDIUM |
In Joomla! before 3.8.2, a logic bug in com_fields exposed read-only information about a site's custom fields to unauthorized users. | |||||
CVE-2008-6222 | 2 Joomla, Joomlashowroom | 2 Joomla, Pro Desk Support Center | 2017-10-18 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in the Pro Desk Support Center (com_pro_desk) component 1.0 and 1.2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter to index.php. | |||||
CVE-2008-6148 | 2 Joomla, Raven-worx | 2 Joomla, Liveticker | 2017-10-18 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Live Ticker (com_liveticker) module 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the tid parameter in a viewticker action to index.php. | |||||
CVE-2008-2697 | 2 Joomla, Rapid-source | 2 Com Rapidrecipe, Rapid Recipe | 2017-10-18 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Rapid Recipe (com_rapidrecipe) component 1.6.6 and 1.6.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the recipe_id parameter in a viewrecipe action to index.php. | |||||
CVE-2009-0333 | 1 Joomla | 2 Com Waticketsystem, Joomla | 2017-10-18 | 7.5 HIGH | N/A |
SQL injection vulnerability in the WebAmoeba (WA) Ticket System (com_waticketsystem) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action to index.php. | |||||
CVE-2008-2568 | 1 Joomla | 2 Com Simpleshop, Joomla | 2017-10-18 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Simple Shop Galore (com_simpleshop) component 3.4 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a browse action to index.php. | |||||
CVE-2006-6962 | 1 Joomla | 1 Rs Gallery2 | 2017-10-18 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in rsgallery2.html.php in the RS Gallery2 component (com_rsgallery2) 1.11.2 for Joomla! allows attackers to execute arbitrary PHP code via the mosConfig_absolute_path parameter. NOTE: this issue may overlap CVE-2006-5047. | |||||
CVE-2006-5048 | 2 Joomla, Waltercedric | 2 Joomla\!, Com Securityimages | 2017-10-18 | 6.8 MEDIUM | N/A |
Multiple PHP remote file inclusion vulnerabilities in Security Images (com_securityimages) component 3.0.5 and earlier for Joomla! allow remote attackers to execute arbitrary code via a URL in the mosConfig_absolute_path parameter in (1) configinsert.php, (2) lang.php, (3) client.php, and (4) server.php. | |||||
CVE-2006-4074 | 1 Joomla | 1 Jd-wiki | 2017-10-18 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in lib/tpl/default/main.php in the JD-Wiki Component (com_jd-wiki) 1.0.2 and earlier for Joomla!, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
CVE-2006-3970 | 1 Joomla | 1 Lmo | 2017-10-18 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in lmo.php in the LMO Component (com_lmo) 1.0b2 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
CVE-2006-3969 | 1 Joomla | 1 Colophon | 2017-10-18 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in administrator/components/com_colophon/admin.colophon.php in Colophon 1.2 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. |