Filtered by vendor Joomla
Subscribe
Total
912 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2010-4992 | 2 Joomla, Paymentsplus | 2 Joomla\!, Payments Plus | 2017-08-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Payments Plus component 2.1.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the type parameter to add.html. | |||||
CVE-2010-4853 | 2 Chillcreations, Joomla | 2 Com Ccinvoices, Joomla\! | 2017-08-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the ccInvoices (com_ccinvoices) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewInv action to index.php. | |||||
CVE-2010-4995 | 2 Joomla, Neojoomla | 2 Joomla\!, Com Neorecruit | 2017-08-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the NeoRecruit (com_neorecruit) component 1.6.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in an offer_view action to index.php, a different vector than CVE-2007-4506. | |||||
CVE-2010-5044 | 2 Joomla, Kanich | 2 Joomla\!, Com Searchlog | 2017-08-28 | 6.0 MEDIUM | N/A |
SQL injection vulnerability in models/log.php in the Search Log (com_searchlog) component 3.1.0 for Joomla! allows remote authenticated users, with Public Back-end privileges, to execute arbitrary SQL commands via the search parameter in a log action to administrator/index.php. NOTE: some of these details are obtained from third party information. | |||||
CVE-2010-5003 | 2 Autartica, Joomla | 2 Com Autartimonial, Joomla\! | 2017-08-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the AutarTimonial (com_autartimonial) component 1.0.8 for Joomla! allows remote attackers to execute arbitrary SQL commands via the limit parameter in an autartimonial action to index.php. NOTE: some of these details are obtained from third party information. | |||||
CVE-2010-5056 | 2 Gbu Grafici, Joomla | 2 Com Gbufacebook, Joomla\! | 2017-08-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the GBU Facebook (com_gbufacebook) component 1.0.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the face_id parameter in a show_face action to index.php. | |||||
CVE-2010-5028 | 2 Harmistechnology, Joomla | 2 Com Jejob, Joomla\! | 2017-08-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the JExtensions JE Job (com_jejob) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an item action to index.php. | |||||
CVE-2010-5032 | 2 Joomla, Tamlyncreative | 2 Joomla\!, Com Bfquiztrial | 2017-08-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the BF Quiz (com_bfquiztrial) component before 1.3.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a bfquiztrial action to index.php. | |||||
CVE-2010-5042 | 2 Blueconstantmedia, Joomla | 2 Com Djartgallery, Joomla\! | 2017-08-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the DJ-ArtGallery (com_djartgallery) component 0.9.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the cid[] parameter in an editItem action to administrator/index.php. NOTE: some of these details are obtained from third party information. | |||||
CVE-2010-5043 | 2 Blueconstantmedia, Joomla | 2 Com Djartgallery, Joomla\! | 2017-08-28 | 6.0 MEDIUM | N/A |
SQL injection vulnerability in the DJ-ArtGallery (com_djartgallery) component 0.9.1 for Joomla! allows remote authenticated users to execute arbitrary SQL commands via the cid[] parameter in an editItem action to administrator/index.php. | |||||
CVE-2010-4993 | 2 Joomla, Kay Messerschmidt | 2 Joomla\!, Com Eventcal | 2017-08-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the eventcal (com_eventcal) component 1.6.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php. | |||||
CVE-2011-2889 | 1 Joomla | 1 Joomla\! | 2017-08-28 | 5.0 MEDIUM | N/A |
templates/system/error.php in Joomla! before 1.5.23 might allow remote attackers to obtain sensitive information via unspecified vectors that trigger an undefined value of a certain error field, leading to disclosure of the installation path. NOTE: this might overlap CVE-2011-2488. | |||||
CVE-2010-4918 | 2 Ijoomla, Joomla | 2 Com Magazine, Joomla\! | 2017-08-28 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in iJoomla Magazine (com_magazine) component 3.0.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the config parameter to magazine.functions.php. | |||||
CVE-2010-4990 | 2 B-elektro, Joomla | 2 Com Addressbook, Joomla\! | 2017-08-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Front-edit Address Book (com_addressbook) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a contact action to index.php. | |||||
CVE-2010-4975 | 2 Joomla, Techjoomla | 2 Joomla\!, Com Socialads | 2017-08-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Techjoomla SocialAds For JomSocial (com_socialads) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the ads description field in a showad action to index.php. | |||||
CVE-2010-4971 | 2 Joomla, Videowhisper | 2 Joomla\!, Php 2 Way Video Chat | 2017-08-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in VideoWhisper PHP 2 Way Video Chat component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the r parameter to index.php. | |||||
CVE-2011-2890 | 1 Joomla | 1 Joomla\! | 2017-08-28 | 5.0 MEDIUM | N/A |
The MediaViewMedia class in administrator/components/com_media/views/media/view.html.php in Joomla! 1.5.23 and earlier allows remote attackers to obtain sensitive information via vectors involving the base variable, leading to disclosure of the installation path, a different vulnerability than CVE-2011-2488. | |||||
CVE-2011-2891 | 1 Joomla | 1 Joomla\! | 2017-08-28 | 5.0 MEDIUM | N/A |
Joomla! 1.6.x before 1.6.2 allows remote attackers to obtain sensitive information via an empty Itemid array parameter to index.php, which reveals the installation path in an error message, a different vulnerability than CVE-2011-2488. | |||||
CVE-2010-4945 | 1 Joomla | 2 Com Camelcitydb2, Joomla\! | 2017-08-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the CamelcityDB (com_camelcitydb2) component 2.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. | |||||
CVE-2010-4944 | 2 Joomla, Mambo-foundation | 3 Com Elite Experts, Joomla\!, Mambo | 2017-08-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Elite Experts (com_elite_experts) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showExpertProfileDetailed action to index.php. |