Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Joomla Subscribe
Filtered by product Joomla\!
Total 578 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-2682 2 Joomla, Realtyna 2 Joomla\!, Com Realtyna 2017-08-16 7.5 HIGH N/A
Directory traversal vulnerability in the Realtyna Translator (com_realtyna) component 1.0.15 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
CVE-2010-2845 2 Joomla, Schlu.net 2 Joomla\!, Com Quickfaq 2017-08-16 7.5 HIGH N/A
SQL injection vulnerability in the QuickFAQ (com_quickfaq) component 1.0.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a category action to index.php.
CVE-2010-2907 2 Huruhelpdesk, Joomla 2 Com Huruhelpdesk, Joomla\! 2017-08-16 7.5 HIGH N/A
SQL injection vulnerability in the Huru Helpdesk (com_huruhelpdesk) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid[0] parameter in a detail action to index.php.
CVE-2010-2908 2 Joomdle, Joomla 2 Com Joomdle, Joomla\! 2017-08-16 7.5 HIGH N/A
SQL injection vulnerability in the Joomdle (com_joomdle) component 0.24 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the course_id parameter in a detail action to index.php.
CVE-2010-2910 2 Alexred, Joomla 2 Com Oziogallery, Joomla\! 2017-08-16 7.5 HIGH N/A
SQL injection vulnerability in the Ozio Gallery (com_oziogallery) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.
CVE-2010-2918 2 Joomla, Visocrea 2 Joomla\!, Com Joomla Visites 2017-08-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in core/include/myMailer.class.php in the Visites (com_joomla-visites) component 1.1 RC2 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2010-2919 2 Joomla, Joomlaxt 2 Joomla\!, Com Staticxt 2017-08-16 7.5 HIGH N/A
SQL injection vulnerability in the StaticXT (com_staticxt) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
CVE-2010-2920 2 Foobla, Joomla 2 Com Foobla Suggestions, Joomla\! 2017-08-16 6.8 MEDIUM N/A
Directory traversal vulnerability in the Foobla Suggestions (com_foobla_suggestions) component 1.5.1.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.
CVE-2010-2921 2 Joomla, Photoindochina 2 Joomla\!, Com Golfcourseguide 2017-08-16 7.5 HIGH N/A
SQL injection vulnerability in the Golf Course Guide (com_golfcourseguide) component 0.9.6.0 beta and 1 beta for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a golfcourses action to index.php.
CVE-2010-2923 2 Joomla, Prasanna 2 Joomla\!, Com Youtube 2017-08-16 7.5 HIGH N/A
SQL injection vulnerability in the YouTube (com_youtube) component 1.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id_cate parameter to index.php.
CVE-2010-3211 2 Jextn, Joomla 2 Com Jefaqpro, Joomla\! 2017-08-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in the JE FAQ Pro (com_jefaqpro) component 1.5.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via category categorylist operations with (1) the catid parameter or (2) the catid parameter in a lists action.
CVE-2010-3426 2 4you-studio, Joomla 2 Com Jphone, Joomla\! 2017-08-16 7.5 HIGH N/A
Directory traversal vulnerability in jphone.php in the JPhone (com_jphone) component 1.0 Alpha 3 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
CVE-2009-4575 2 Joomla, Qproje 2 Joomla\!, Com Qpersonel 2017-08-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Q-Personel (com_qpersonel) component 1.0.2 RC2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the personel_sira parameter in a sirala action to index.php.
CVE-2009-4946 2 Joomla, Thetricky 2 Joomla\!, Com Messaging 2017-08-16 6.8 MEDIUM N/A
Directory traversal vulnerability in the Messaging (com_messaging) component before 1.5.1 for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the controller parameter in a messages action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-4583 1 Joomla 2 Com Dhforum, Joomla\! 2017-08-16 7.5 HIGH N/A
SQL injection vulnerability in the DhForum (com_dhforum) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a grouplist action to index.php.
CVE-2009-4579 2 Joomla, Mambo-foundation 3 Com Artistavenue, Joomla\!, Mambo 2017-08-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Artist avenue (com_artistavenue) component for Joomla! and Mambo allows remote attackers to inject arbitrary web script or HTML via the Itemid parameter to index.php.
CVE-2009-4578 3 Facileforms, Joomla, Mambo-foundation 3 Facileforms, Joomla\!, Mambo 2017-08-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Facileforms (com_facileforms) component for Joomla! and Mambo allows remote attackers to inject arbitrary web script or HTML via the Itemid parameter to index.php.
CVE-2009-4576 2 Cmstactics, Joomla 2 Com Beeheard, Joomla\! 2017-08-16 7.5 HIGH N/A
SQL injection vulnerability in the BeeHeard (com_beeheard) component 1.x for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter in a suggestions action to index.php.
CVE-2009-3945 1 Joomla 1 Joomla\! 2017-08-16 5.5 MEDIUM N/A
Unspecified vulnerability in the Front-End Editor in the com_content component in Joomla! before 1.5.15 allows remote authenticated users, with Author privileges, to replace the articles of an arbitrary user via unknown vectors.
CVE-2009-3946 1 Joomla 1 Joomla\! 2017-08-16 5.0 MEDIUM N/A
Joomla! before 1.5.15 allows remote attackers to read an extension's XML file, and thereby obtain the extension's version number, via a direct request.