Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Joomla Subscribe
Filtered by product Joomla\!
Total 578 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-4904 2 Joomla, Simon Philips 2 Joomla\!, Com Aardvertiser 2012-05-13 7.5 HIGH N/A
SQL injection vulnerability in the Aardvertiser (com_aardvertiser) component 2.1 and 2.1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat_name parameter in a view action to index.php. NOTE: some of these details are obtained from third party information.
CVE-2010-4929 2 Joomla, Joostina-cms 2 Joomla\!, Com Ezautos 2012-05-13 7.5 HIGH N/A
SQL injection vulnerability in the Joostina (com_ezautos) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the firstCode parameter in a helpers action to index.php.
CVE-2010-4938 1 Joomla 2 Com Weblinks, Joomla\! 2012-05-13 7.5 HIGH N/A
SQL injection vulnerability in the Weblinks (com_weblinks) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a categories action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2010-4898 2 Gantry-framework, Joomla 2 Com Gantry, Joomla\! 2012-05-13 7.5 HIGH N/A
SQL injection vulnerability in the Gantry (com_gantry) component 3.0.10 for Joomla! allows remote attackers to execute arbitrary SQL commands via the moduleid parameter to index.php.
CVE-2008-7302 2 Joomla, Netshinesoftware 2 Joomla\!, Com Netinvoice 2012-05-13 7.5 HIGH N/A
SQL injection vulnerability in netinvoice.php in the nBill (com_netinvoice) component 1.2.0 SP1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving "knowledge of ... the contents of an encrypted file."
CVE-2011-3747 1 Joomla 1 Joomla\! 2012-03-11 5.0 MEDIUM N/A
Joomla! 1.6.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by libraries/phpmailer/language/phpmailer.lang-joomla.php.
CVE-2011-5004 2 Fabrikar, Joomla 2 Com Fabrikar, Joomla\! 2012-02-16 6.0 MEDIUM N/A
Unrestricted file upload vulnerability in models/importcsv.php in the Fabrik (com_fabrik) component before 2.1.1 for Joomla! allows remote authenticated users with Manager privileges to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.
CVE-2010-4902 2 Joomla, Joomla-clantools 2 Joomla\!, Clantools 2012-02-13 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in the Clantools (com_clantools) component 1.2.3 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) squad or (2) showgame parameter to index.php.
CVE-2010-4968 2 Joomla, Webmaster-tips 2 Joomla\!, Com Wmtpic 2012-02-13 7.5 HIGH N/A
SQL injection vulnerability in the webmaster-tips.net Flash Gallery (com_wmtpic) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.
CVE-2010-4936 2 Joomla, Webmaster-tips 2 Joomla\!, Com Slideshow 2012-02-13 7.5 HIGH N/A
SQL injection vulnerability in the Slide Show (com_slideshow) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
CVE-2010-4928 2 Joomla, Photoindochina 2 Joomla\!, Com Restaurantguide 2012-02-13 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Restaurant Guide (com_restaurantguide) component 1.0.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML by placing it after a > (greater than) character.
CVE-2010-4927 2 Joomla, Photoindochina 2 Joomla\!, Com Restaurantguide 2012-02-13 7.5 HIGH N/A
SQL injection vulnerability in the Restaurant Guide (com_restaurantguide) component 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a country action to index.php.
CVE-2010-4864 2 Danieljamesscott, Joomla 2 Com Clubmanager, Joomla\! 2012-02-13 7.5 HIGH N/A
SQL injection vulnerability in the Club Manager (com_clubmanager) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cm_id parameter in an equip presenta action to index.php.
CVE-2010-4838 2 Extensiondepot, Joomla 2 Com Jsupport, Joomla\! 2012-02-13 6.0 MEDIUM N/A
SQL injection vulnerability in the JSupport (com_jsupport) component 1.5.6 for Joomla! allows remote authenticated users, with Public Back-end permissions, to execute arbitrary SQL commands via the alpha parameter in a (1) listTickets or (2) listFaqs action to administrator/index.php.
CVE-2010-4837 2 Extensiondepot, Joomla 2 Com Jsupport, Joomla\! 2012-02-13 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the JSupport (com_jsupport) component 1.5.6 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the subject parameter (title field) in a saveTicket action to index2.php. NOTE: some of these details are obtained from third party information.
CVE-2011-4808 2 Joomla, Joomlaextensions 2 Joomla\!, Com Hmcommunity 2012-02-09 7.5 HIGH N/A
SQL injection vulnerability in the HM Community (com_hmcommunity) component before 1.01 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a fnd_home action to index.php.
CVE-2011-4804 2 Foobla, Joomla 2 Com Obsuggest, Joomla\! 2012-02-09 5.0 MEDIUM N/A
Directory traversal vulnerability in the obSuggest (com_obsuggest) component before 1.8 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
CVE-2011-4809 2 Joomla, Joomlaextensions 2 Joomla\!, Com Hmcommunity 2012-02-09 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the HM Community (com_hmcommunity) component before 1.01 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) language[], (2) university[], (3) persent[], (4) company_name[], (5) designation[], (6) music[], (7) books[], (8) movies[], (9) games[], (10) syp[], (11) ft[], and (12) fa[] parameters in a save task for a profile to index.php. NOTE: some of these details are obtained from third party information.
CVE-2011-4823 2 Extensionsforjoomla, Joomla 2 Com Vikrealestate, Joomla\! 2012-02-08 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in Vik Real Estate (com_vikrealestate) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) contract parameter in a results action and (2) imm parameter in a show action to index.php.
CVE-2011-4830 2 Barter-sites, Joomla 2 Com Listing, Joomla\! 2011-12-15 3.5 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in the com_listing component in Barter Sites component 1.3 for Joomla! allow remote authenticated users to inject arbitrary web script or HTML via the (1) listing_title, (2) description, (3) homeurl (aka Website Address), (4) paystring (aka Payment types accepted), (5) sell_price, (6) shipping_cost, and (7) quantity parameters to index.php.