Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Joomla Subscribe
Total 912 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-0607 3 Joomla, Mambo, Sigsiu.net 3 Com Sobi2, Com Sobi2, Sobi2 2017-09-28 7.5 HIGH N/A
SQL injection vulnerability in index.php in the Sigsiu Online Business Index 2 (SOBI2, com_sobi2) 2.5.3 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-0606 3 Joomla, Mambo, Phil Taylor 3 Com Shambo2, Com Shambo2, Shambo2 2017-09-28 7.5 HIGH N/A
SQL injection vulnerability in index.php in the Shambo2 (com_shambo2) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter.
CVE-2008-0603 3 Amazoop, Joomla, Mambo 3 Awesom, Com Awesom, Com Awesom 2017-09-28 7.5 HIGH N/A
SQL injection vulnerability in index.php in the amazOOP Awesom! (com_awesom) 0.3.2component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter in a viewlist task.
CVE-2008-0579 1 Joomla 1 Com Buslicense 2017-09-28 7.5 HIGH N/A
SQL injection vulnerability in index.php in the buslicense (com_buslicense) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in a list action.
CVE-2007-5451 2 Com Colorlab, Joomla 2 Com Colorlab, Joomla 2017-09-28 6.8 MEDIUM N/A
PHP remote file inclusion vulnerability in admin.color.php in the com_colorlab (aka com_color) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
CVE-2007-5310 2 Joomla, Webmaster-tips.net 2 Joomla, Flash Image Gallery 2017-09-28 6.8 MEDIUM N/A
PHP remote file inclusion vulnerability in admin.wmtportfolio.php in the webmaster-tips.net wmtportfolio 1.0 (com_wmtportfolio) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2007-5309 2 Joomla, Webmaster-tips.net 2 Joomla, Flash Image Gallery 2017-09-28 6.8 MEDIUM N/A
PHP remote file inclusion vulnerability in admin.wmtgallery.php in the webmaster-tips.net Flash Image Gallery (com_wmtgallery) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
CVE-2007-5065 2 Joomla, Webmaster-tips 2 Joomla, Flash Slide Show 2017-09-28 7.5 HIGH N/A
PHP remote file inclusion vulnerability in admin.slideshow1.php in the Flash Slide Show (com_slideshow) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
CVE-2007-4955 1 Joomla 1 Flash Fun Component 2017-09-28 6.8 MEDIUM N/A
PHP remote file inclusion vulnerability in admin.joomlaflashfun.php in the Flash Fun! (com_joomlaflashfun) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
CVE-2007-4954 1 Joomla 1 Joom12pic Component 2017-09-28 6.8 MEDIUM N/A
PHP remote file inclusion vulnerability in admin.joom12pic.php in the joom12Pic (com_joom12pic) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
CVE-2007-4923 1 Joomla 1 Joomla Radio 2017-09-28 6.8 MEDIUM N/A
PHP remote file inclusion vulnerability in admin.joomlaradiov5.php in the Joomla Radio 5 (com_joomlaradiov5) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
CVE-2007-4781 1 Joomla 1 Joomla 2017-09-28 6.6 MEDIUM N/A
administrator/index.php in the installer component (com_installer) in Joomla! 1.5 Beta1, Beta2, and RC1 allows remote authenticated administrators to upload arbitrary files to tmp/ via the "Upload Package File" functionality, which is accessible when com_installer is the value of the option parameter.
CVE-2007-4509 1 Joomla 1 Eventlist 2017-09-28 7.5 HIGH N/A
SQL injection vulnerability in index.php in the EventList component (com_eventlist) 0.8 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the did parameter in a details action.
CVE-2007-4506 1 Joomla 1 Neorecruit 2017-09-28 7.5 HIGH N/A
SQL injection vulnerability in index.php in the NeoRecruit component (com_neorecruit) 1.4 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an offer_view action.
CVE-2007-4504 1 Joomla 1 Rsfiles 2017-09-28 5.0 MEDIUM N/A
Directory traversal vulnerability in index.php in the RSfiles component (com_rsfiles) 1.0.2 and earlier for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter in a files.display action.
CVE-2007-4503 1 Joomla 1 Nice Talk 2017-09-28 7.5 HIGH N/A
SQL injection vulnerability in index.php in the Nice Talk component (com_nicetalk) 0.9.3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the tagid parameter.
CVE-2007-4502 1 Joomla 1 Bibtex 2017-09-28 7.5 HIGH N/A
SQL injection vulnerability in index.php in the BibTeX component (com_jombib) 1.3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the afilter parameter.
CVE-2007-3932 1 Joomla 1 Expose 2017-09-28 7.5 HIGH N/A
uploadimg.php in the Expose RC35 and earlier (com_expose) component for Joomla! sends an error message but does not exit when it detects an attempt to upload a non-JPEG file, which allows remote attackers to upload and execute arbitrary PHP code in the img/ folder.
CVE-2007-4046 1 Joomla 1 Pony Gallery 2017-09-28 7.5 HIGH N/A
SQL injection vulnerability in index.php in the Pony Gallery (com_ponygallery) 1.5 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter.
CVE-2017-14596 1 Joomla 1 Joomla\! 2017-09-27 5.0 MEDIUM 9.8 CRITICAL
In Joomla! before 3.8.0, inadequate escaping in the LDAP authentication plugin can result in a disclosure of a username and password.