Vulnerabilities (CVE)

Filtered by vendor Joomla
Total 912 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-11324 1 Joomla 1 Joomla! 2018-06-22 4.3 MEDIUM 5.9 MEDIUM
An issue was discovered in Joomla! Core before 3.8.8. A long running background process, such as remote checks for core or extension updates, could create a race condition where a session that was expected to be destroyed would be recreated.
CVE-2018-11322 1 Joomla 1 Joomla! 2018-06-22 6.0 MEDIUM 7.5 HIGH
An issue was discovered in Joomla! Core before 3.8.8. Depending on the server configuration, PHAR files might be handled as executable PHP scripts by the webserver.
CVE-2018-11321 1 Joomla 1 Joomla! 2018-06-22 4.0 MEDIUM 6.5 MEDIUM
An issue was discovered in com_fields in Joomla! Core before 3.8.8. Inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option.
CVE-2018-8045 1 Joomla 1 Joomla! 2018-04-09 6.5 MEDIUM 8.8 HIGH
In Joomla! 3.5.0 through 3.8.5, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the User Notes list view.
CVE-2018-6377 1 Joomla 1 Joomla! 2018-02-13 4.3 MEDIUM 6.1 MEDIUM
In Joomla! before 3.8.4, inadequate input filtering in com_fields leads to an XSS vulnerability in multiple field types, i.e., list, radio, and checkbox.
CVE-2018-6376 1 Joomla 1 Joomla! 2018-02-13 7.5 HIGH 9.8 CRITICAL
In Joomla! before 3.8.4, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Hathor postinstall message.
CVE-2018-6380 1 Joomla 1 Joomla! 2018-02-13 4.3 MEDIUM 6.1 MEDIUM
In Joomla! before 3.8.4, lack of escaping in the module chromes leads to XSS vulnerabilities in the module system.
CVE-2018-6379 1 Joomla 1 Joomla! 2018-02-13 4.3 MEDIUM 6.1 MEDIUM
In Joomla! before 3.8.4, inadequate input filtering in the Uri class (formerly JUri) leads to an XSS vulnerability.
CVE-2017-16634 1 Joomla 1 Joomla! 2017-11-28 7.5 HIGH 9.8 CRITICAL
In Joomla! before 3.8.2, a bug allowed third parties to bypass a user's 2-factor authentication method.
CVE-2017-16633 1 Joomla 1 Joomla! 2017-11-28 4.0 MEDIUM 4.3 MEDIUM
In Joomla! before 3.8.2, a logic bug in com_fields exposed read-only information about a site's custom fields to unauthorized users.
CVE-2008-6222 2 Joomla, Joomlashowroom 2 Joomla, Pro Desk Support Center 2017-10-18 5.0 MEDIUM N/A
Directory traversal vulnerability in the Pro Desk Support Center (com_pro_desk) component 1.0 and 1.2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter to index.php.
CVE-2008-6148 2 Joomla, Raven-worx 2 Joomla, Liveticker 2017-10-18 7.5 HIGH N/A
SQL injection vulnerability in the Live Ticker (com_liveticker) module 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the tid parameter in a viewticker action to index.php.
CVE-2008-2697 2 Joomla, Rapid-source 2 Com Rapidrecipe, Rapid Recipe 2017-10-18 7.5 HIGH N/A
SQL injection vulnerability in the Rapid Recipe (com_rapidrecipe) component 1.6.6 and 1.6.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the recipe_id parameter in a viewrecipe action to index.php.
CVE-2009-0333 1 Joomla 2 Com Waticketsystem, Joomla 2017-10-18 7.5 HIGH N/A
SQL injection vulnerability in the WebAmoeba (WA) Ticket System (com_waticketsystem) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action to index.php.
CVE-2008-2568 1 Joomla 2 Com Simpleshop, Joomla 2017-10-18 7.5 HIGH N/A
SQL injection vulnerability in the Simple Shop Galore (com_simpleshop) component 3.4 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a browse action to index.php.
CVE-2006-6962 1 Joomla 1 Rs Gallery2 2017-10-18 6.8 MEDIUM N/A
PHP remote file inclusion vulnerability in rsgallery2.html.php in the RS Gallery2 component (com_rsgallery2) 1.11.2 for Joomla! allows attackers to execute arbitrary PHP code via the mosConfig_absolute_path parameter. NOTE: this issue may overlap CVE-2006-5047.
CVE-2006-5048 2 Joomla, Waltercedric 2 Joomla!, Com Securityimages 2017-10-18 6.8 MEDIUM N/A
Multiple PHP remote file inclusion vulnerabilities in Security Images (com_securityimages) component 3.0.5 and earlier for Joomla! allow remote attackers to execute arbitrary code via a URL in the mosConfig_absolute_path parameter in (1) configinsert.php, (2) lang.php, (3) client.php, and (4) server.php.
CVE-2006-4074 1 Joomla 1 Jd-wiki 2017-10-18 6.8 MEDIUM N/A
PHP remote file inclusion vulnerability in lib/tpl/default/main.php in the JD-Wiki Component (com_jd-wiki) 1.0.2 and earlier for Joomla!, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2006-3970 1 Joomla 1 Lmo 2017-10-18 7.5 HIGH N/A
PHP remote file inclusion vulnerability in lmo.php in the LMO Component (com_lmo) 1.0b2 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2006-3969 1 Joomla 1 Colophon 2017-10-18 7.5 HIGH N/A
PHP remote file inclusion vulnerability in administrator/components/com_colophon/admin.colophon.php in Colophon 1.2 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.