Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Joomla Subscribe
Total 912 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-0514 2 Joomla, Mambo 2 Glossary, Glossary 2017-09-28 7.5 HIGH N/A
SQL injection vulnerability in index.php in the Glossary (com_glossary) 2.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a display action.
CVE-2008-0512 1 Joomla 1 Com Fq 2017-09-28 7.5 HIGH N/A
SQL injection vulnerability in index.php in the fq (com_fq) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter.
CVE-2008-0511 2 Joomla, Mambo 2 Com Mamml, Com Mamml 2017-09-28 7.5 HIGH N/A
SQL injection vulnerability in index.php in the MaMML (com_mamml) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter.
CVE-2008-0510 2 Joomla, Mambo 3 Com Newsletter, Com Newsletter, Mambo 2017-09-28 7.5 HIGH N/A
SQL injection vulnerability in index.php in the Newsletter (com_newsletter) component for Mambo 4.5 and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter.
CVE-2008-0517 3 Darko Selesi, Joomla, Mambo 3 Estateagent, Joomla, Mambo 2017-09-28 7.5 HIGH N/A
SQL injection vulnerability in index.php in the Darko Selesi EstateAgent (com_estateagent) 0.1 component for Mambo 4.5.x and Joomla! allows remote attackers to execute arbitrary SQL commands via the objid parameter in a contact showObject action.
CVE-2007-6663 2 Joomla, Pragmatic Utopia 2 Joomla, Pu Arcade 2017-09-28 7.5 HIGH N/A
SQL injection vulnerability in (1) Puarcade.php and (2) PUarcade.html.php in Pragmatic Utopia PU Arcade (com_puarcade) 2.0.3, 2.1.2, and 2.1.3 Beta component for Joomla! allows remote attackers to execute arbitrary SQL commands via the fid parameter to index.php.
CVE-2008-1935 1 Joomla 1 Joomla 2017-09-28 7.5 HIGH N/A
SQL injection vulnerability in the Filiale 1.0.4 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the idFiliale parameter.
CVE-2008-1849 3 Joomla, Joomlacode, Mambo 3 Joomla, Joomlaexplorer, Mambo 2017-09-28 5.0 MEDIUM N/A
Directory traversal vulnerability in index.php in the joomlaXplorer (com_joomlaxplorer) Mambo/Joomla! component 1.6.2 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the dir parameter in a show_error action.
CVE-2008-1848 2 Joomla, Joomlacode 2 Joomla, Joomlaexplorer 2017-09-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the joomlaXplorer (com_joomlaxplorer) Mambo/Joomla! component 1.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter in a show_error action to index.php.
CVE-2008-1559 2 Bernard Gilly, Joomla 2 Com Alphacontent, Joomla\! 2017-09-28 6.8 MEDIUM N/A
SQL injection vulnerability in the Bernard Gilly AlphaContent (com_alphacontent) 2.5.8 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.
CVE-2008-1505 2 Joomla, Sstreamtv 2 Joomla, Custompages 2017-09-28 7.5 HIGH N/A
PHP remote file inclusion vulnerability in the SSTREAMTV custompages (com_custompages) 1.1 and earlier component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the cpage parameter to index.php.
CVE-2008-1465 3 Detodas, Joomla, Mambo-foundation 3 Com Restaurante, Joomla\!, Mambo 2017-09-28 9.3 HIGH N/A
SQL injection vulnerability in the Detodas Restaurante (com_restaurante) 1.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php, a different product than CVE-2008-0562.
CVE-2008-1459 4 Joomla, Joomlaitalia, Mambo and 1 more 4 Joomla, Com Alberghi, Mambo and 1 more 2017-09-28 7.5 HIGH N/A
SQL injection vulnerability in the Alberghi (com_alberghi) 2.1.3 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
CVE-2008-1460 3 Joomla, Joomlapixel, Mambo 3 Joomla, Com Joovideo, Mambo 2017-09-28 7.5 HIGH N/A
SQL injection vulnerability in the Joovideo (com_joovideo) 1.0 and 1.2.2 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
CVE-2008-1427 2 Joobi, Joomla 2 Acajoom, Com Acajoom 2017-09-28 7.5 HIGH N/A
SQL injection vulnerability in the Joobi Acajoom (com_acajoom) 1.1.5 and 1.2.5 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mailingid parameter in a mailing view action to index.php.
CVE-2008-1297 3 Ewriting, Joomla, Mambo 3 Ewriting, Com Ewriting, Com Ewriting 2017-09-28 7.5 HIGH N/A
SQL injection vulnerability in index.php in the eWriting (com_ewriting) 1.2.1 module for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a selectcat action.
CVE-2008-0844 1 Joomla 1 Com Pccookbook 2017-09-28 7.5 HIGH N/A
SQL injection vulnerability in index.php in the PccookBook (com_pccookbook) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter.
CVE-2008-0842 1 Joomla 1 Com Clasifier 2017-09-28 7.5 HIGH N/A
SQL injection vulnerability in index.php in the Classifier (com_clasifier) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
CVE-2008-0841 2 Joomla, Mambo 2 Com Ricette Component, Com Ricette Component 2017-09-28 7.5 HIGH N/A
SQL injection vulnerability in index.php in the Giorgio Nordo Ricette (com_ricette) 1.0 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-0839 2 Astats, Joomla 2 Astatspro, Com Astatspro 2017-09-28 7.5 HIGH N/A
SQL injection vulnerability in refer.php in the astatsPRO (com_astatspro) 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter.