Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Joomla Subscribe
Total 912 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-6182 1 Joomla 2 Ignitegallery, Joomla\! 2017-09-28 7.5 HIGH N/A
SQL injection vulnerability in the Ignite Gallery (com_ignitegallery) component 0.8.0 through 0.8.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gallery parameter in a view action to index.php.
CVE-2008-6181 2 Joomla, Mad4media 2 Joomla, Com Mad4joomla 2017-09-28 7.5 HIGH N/A
SQL injection vulnerability in the Mad4Joomla Mailforms (com_mad4joomla) component before 1.1.8.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the jid parameter to index.php.
CVE-2008-6166 2 Jmds, Joomla 2 Com Kbase, Joomla 2017-09-28 7.5 HIGH N/A
SQL injection vulnerability in the KBase (com_kbase) 1.2 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an article action to index.php.
CVE-2008-6172 2 Joomla, Weberr 2 Joomla, Rwcards 2017-09-28 6.8 MEDIUM N/A
Directory traversal vulnerability in captcha/captcha_image.php in the RWCards (com_rwcards) 3.0.11 component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the img parameter.
CVE-2009-0726 3 Gigcalendar, Joomla, Mambo 3 Com Gigcalendar, Joomla, Mambo 2017-09-28 7.5 HIGH N/A
SQL injection vulnerability in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the gigcal_gigs_id parameter in a details action to index.php.
CVE-2009-0702 2 Joomla, Phoca 2 Joomla, Com Phocadocumentation 2017-09-28 7.5 HIGH N/A
SQL injection vulnerability in the Phoca Documentation (com_phocadocumentation) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a section action to index.php.
CVE-2009-0494 2 Joomla, Mivaco 2 Joomla, Com Portfol 2017-09-28 7.5 HIGH N/A
SQL injection vulnerability in the Portfol (com_portfol) 1.2 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the vcatid parameter in a viewcategory action to index.php.
CVE-2009-0421 1 Joomla 2 Com Eventing, Joomla 2017-09-28 7.5 HIGH N/A
SQL injection vulnerability in the Eventing (com_eventing) 1.6.x component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
CVE-2009-0420 2 Joomla, Rd-media 2 Joomla, Rd-autos 2017-09-28 7.5 HIGH N/A
SQL injection vulnerability in the RD-Autos (com_rdautos) 1.5.5 Stable component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
CVE-2009-0381 2 Bazaarbuilder, Joomla 2 Ecommerce Shopping Cart, Joomla 2017-09-28 7.5 HIGH N/A
SQL injection vulnerability in the BazaarBuilder Ecommerce Shopping Cart (com_prod) 5.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in a products action to index.php.
CVE-2009-0380 3 Joomla, Mambo-foundation, Sigsiu.net 3 Joomla, Mambo, Sobi2 2017-09-28 7.5 HIGH N/A
** DISPUTED ** SQL injection vulnerability in the Sigsiu Online Business Index 2 (SOBI2, com_sobi2) RC 2.8.2 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the bid parameter in a showbiz action to index.php, a different vector than CVE-2008-0607. NOTE: CVE disputes this issue, since neither "showbiz" nor "bid" appears in the source code for SOBI2.
CVE-2009-0379 1 Joomla 2 Com Pcchess, Joomla 2017-09-28 7.5 HIGH N/A
SQL injection vulnerability in the Prince Clan Chess Club (com_pcchess) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the game_id parameter in a showgame action to index.php, a different vector than CVE-2008-0761.
CVE-2009-0373 2 Elearningforce, Joomla 2 Flash Magazine Deluxe, Joomla 2017-09-28 7.5 HIGH N/A
SQL injection vulnerability in the ElearningForce Flash Magazine Deluxe (com_flashmagazinedeluxe) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mag_id parameter in a magazine action to index.php.
CVE-2009-0329 1 Joomla 2 Com Pccookbook, Joomla 2017-09-28 7.5 HIGH N/A
SQL injection vulnerability in the PcCookBook (com_pccookbook) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the recipe_id parameter in a viewrecipe action to index.php, a different vector than CVE-2008-0844.
CVE-2009-0113 1 Joomla 2 Joomla, Xstandard 2017-09-28 5.0 MEDIUM N/A
Directory traversal vulnerability in attachmentlibrary.php in the XStandard component for Joomla! 1.5.8 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the X_CMS_LIBRARY_PATH HTTP header.
CVE-2008-7169 2 Jabode, Joomla 2 Com Jabode, Joomla\! 2017-09-28 7.5 HIGH N/A
SQL injection vulnerability in Jabode horoscope extension (com_jabode) for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a sign task to index.php.
CVE-2008-6923 1 Joomla 2 Com Content, Joomla 2017-09-28 7.5 HIGH N/A
SQL injection vulnerability in the content component (com_content) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a blogcategory action to index.php.
CVE-2008-6883 2 Joomla, Joompolitan 2 Joomla, Com Livechat 2017-09-28 7.5 HIGH N/A
SQL injection vulnerability in the Live Chat (com_livechat) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the last parameter to getChatRoom.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-6882 2 Joomla, Joompolitan 2 Joomla, Com Livechat 2017-09-28 7.5 HIGH N/A
Live Chat (com_livechat) component 1.0 for Joomla! allows remote attackers to use the xmlhttp.php script as an open HTTP proxy to hide network scanning activities or scan internal networks via a GET request with a full URL in the query string.
CVE-2008-6881 2 Joomla, Joompolitan 2 Joomla\!, Com Livechat 2017-09-28 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in the Live Chat (com_livechat) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the last parameter to (1) getChat.php, (2) getChatRoom.php, and (3) getSavedChatRooms.php.