Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Joomla Subscribe
Total 912 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-5864 2 Joomla, Joomlahbs 3 Joomla, Com Tophotelmodule, Hotel Booking Reservation System 2017-09-28 7.5 HIGH N/A
SQL injection vulnerability in the Top Hotel (com_tophotelmodule) component 1.0 in the Hotel Booking Reservation System (aka HBS) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showhoteldetails action to index.php.
CVE-2008-5811 1 Joomla 2 Com Paxgallery, Joomla 2017-09-28 7.5 HIGH N/A
SQL injection vulnerability in the PaxGallery (com_paxgallery) component 0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gid parameter in a table action to index.php.
CVE-2008-5790 2 Joomla, Recly 2 Joomla, Competitions 2017-09-28 7.5 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in the Recly!Competitions (com_competitions) component 1.0 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[mosConfig_absolute_path] parameter to (a) add.php and (b) competitions.php in includes/competitions/, and the (2) mosConfig_absolute_path parameter to (c) includes/settings/settings.php.
CVE-2008-5789 2 Joomla, Recly 2 Joomla, Interactive Feederator 2017-09-28 7.5 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in the Recly Interactive Feederator (com_feederator) component 1.0.5 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) mosConfig_absolute_path parameter to (a) add_tmsp.php, (b) edit_tmsp.php and (c) tmsp.php in includes/tmsp/; and the (2) GLOBALS[mosConfig_absolute_path] parameter to (d) includes/tmsp/subscription.php.
CVE-2008-5793 2 Joomla, Recly 2 Joomla, Clickheat-heatmap 2017-09-28 6.8 MEDIUM N/A
Multiple PHP remote file inclusion vulnerabilities in the Clickheat - Heatmap stats (com_clickheat) component 1.0.1 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[mosConfig_absolute_path] parameter to (a) install.clickheat.php, (b) Cache.php and (c) Clickheat_Heatmap.php in Recly/Clickheat/, and (d) Recly/common/GlobalVariables.php; and the (2) mosConfig_absolute_path parameter to (e) _main.php and (f) main.php in includes/heatmap, and (g) includes/overview/main.php.
CVE-2008-5643 2 Joomla, Mambo 3 Com Books, Joomla, Mambo 2017-09-28 7.5 HIGH N/A
SQL injection vulnerability in the Books (com_books) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the book_id parameter in a book_details action to index.php.
CVE-2008-5607 2 Joomitaly, Joomla 2 Jmovies, Joomla 2017-09-28 7.5 HIGH N/A
SQL injection vulnerability in the JMovies (aka JM or com_jmovies) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
CVE-2008-5494 2 Digitalgreys, Joomla 2 Com Contactinfo, Joomla 2017-09-28 7.5 HIGH N/A
SQL injection vulnerability in the Contact Information Module (com_contactinfo) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
CVE-2008-5208 2 Joomla, Mambo 3 Com Datsogallery, Joomla, Mambo 2017-09-28 7.5 HIGH N/A
SQL injection vulnerability in sub_votepic.php in the Datsogallery (com_datsogallery) module 1.6 for Joomla! allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header.
CVE-2008-5200 2 Joomla, Mambo 3 Com Xewebtv, Joomla, Mambo 2017-09-28 7.5 HIGH N/A
SQL injection vulnerability in the Xe webtv (com_xewebtv) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
CVE-2008-5226 3 Joomla, Mambads, Mambo 3 Joomla, Mambads, Mambo 2017-09-28 7.5 HIGH N/A
SQL injection vulnerability in the MambAds (com_mambads) component 1.0 RC1 Beta and 1.0 RC1 for Mambo allows remote attackers to execute arbitrary SQL commands via the ma_cat parameter in a view action to index.php, a different vector than CVE-2007-5177.
CVE-2008-5053 1 Joomla 2 Com Rssreader, Joomla 2017-09-28 10.0 HIGH N/A
PHP remote file inclusion vulnerability in admin.rssreader.php in the Simple RSS Reader (com_rssreader) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
CVE-2008-4764 2 Extplorer, Joomla 2 Com Extplorer, Joomla\! 2017-09-28 5.0 MEDIUM N/A
Directory traversal vulnerability in the eXtplorer module (com_extplorer) 2.0.0 RC2 and earlier in Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter in a show_error action.
CVE-2008-4668 1 Joomla 2 Com Imagebrowser, Joomla 2017-09-28 9.0 HIGH N/A
Directory traversal vulnerability in the Image Browser (com_imagebrowser) 0.1.5 component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder parameter to index.php.
CVE-2008-4623 2 Joomla, Martin Diphoorn 2 Joomla, Com Ds-syndicate 2017-09-28 7.5 HIGH N/A
SQL injection vulnerability in the DS-Syndicate (com_ds-syndicate) component 1.1.1 for Joomla allows remote attackers to execute arbitrary SQL commands via the feed_id parameter to index2.php.
CVE-2008-4617 3 Joomla, Mambo-foundation, Pyxicom 3 Joomla, Mambo, Actualite 2017-09-28 7.5 HIGH N/A
SQL injection vulnerability in the actualite module 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-3681 1 Joomla 1 Com User 2017-09-28 7.5 HIGH N/A
components/com_user/models/reset.php in Joomla! 1.5 through 1.5.5 does not properly validate reset tokens, which allows remote attackers to reset the "first enabled user (lowest id)" password, typically for the administrator.
CVE-2008-3586 1 Joomla 1 Com Ezstore 2017-09-28 7.5 HIGH N/A
SQL injection vulnerability in the EZ Store (com_ezstore) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
CVE-2008-3498 2 Joomla, Netshinesoftware 2 Joomla\!, Com Netinvoice 2017-09-28 7.5 HIGH N/A
SQL injection vulnerability in the nBill (com_netinvoice) component 1.2.0 SP1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in an orders action to index.php. NOTE: some of these details are obtained from third party information.
CVE-2008-3265 1 Joomla 1 Com Dtregister 2017-09-28 6.8 MEDIUM N/A
SQL injection vulnerability in the DT Register (com_dtregister) 2.2.3 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the eventId parameter in a pay_options action to index.php.