Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Joomla Subscribe
Total 912 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-3211 2 Jextn, Joomla 2 Com Jefaqpro, Joomla\! 2017-08-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in the JE FAQ Pro (com_jefaqpro) component 1.5.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via category categorylist operations with (1) the catid parameter or (2) the catid parameter in a lists action.
CVE-2010-3426 2 4you-studio, Joomla 2 Com Jphone, Joomla\! 2017-08-16 7.5 HIGH N/A
Directory traversal vulnerability in jphone.php in the JPhone (com_jphone) component 1.0 Alpha 3 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
CVE-2009-4579 2 Joomla, Mambo-foundation 3 Com Artistavenue, Joomla\!, Mambo 2017-08-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Artist avenue (com_artistavenue) component for Joomla! and Mambo allows remote attackers to inject arbitrary web script or HTML via the Itemid parameter to index.php.
CVE-2009-4057 2 Inertialfate, Joomla 2 Com If Nexus, Joomla\! 2017-08-16 7.5 HIGH N/A
SQL injection vulnerability in the inertialFATE iF Portfolio Nexus (com_if_nexus) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an item action to index.php.
CVE-2009-4059 2 .joomclan, Joomla 2 Com Joomclip, Joomla\! 2017-08-16 6.8 MEDIUM N/A
SQL injection vulnerability in the JoomClip (com_joomclip) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a thumbs action to index.php.
CVE-2009-4099 2 G4j.laoneo, Joomla 2 Com Gcalendar, Joomla 2017-08-16 7.5 HIGH N/A
SQL injection vulnerability in the Google Calendar GCalendar (com_gcalendar) component 1.1.2, 2.1.4, and possibly earlier versions for Joomla! allows remote attackers to execute arbitrary SQL commands via the gcid parameter. NOTE: some of these details are obtained from third party information.
CVE-2010-0374 2 Codingfish, Joomla 2 Com Marketplace, Joomla\! 2017-08-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Marketplace (com_marketplace) component 1.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the catid parameter in a show_category action to index.php.
CVE-2010-0372 2 Hong Chuyen, Joomla 2 Com Articlemanager, Joomla\! 2017-08-16 7.5 HIGH N/A
SQL injection vulnerability in the Articlemanager (com_articlemanager) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the artid parameter in a display action to index.php.
CVE-2010-0373 1 Joomla 2 Com Libros, Joomla\! 2017-08-16 7.5 HIGH N/A
SQL injection vulnerability in the libros (com_libros) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
CVE-2009-4946 2 Joomla, Thetricky 2 Joomla\!, Com Messaging 2017-08-16 6.8 MEDIUM N/A
Directory traversal vulnerability in the Messaging (com_messaging) component before 1.5.1 for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the controller parameter in a messages action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-4604 2 Fernando Soares, Joomla 2 Com Mamboleto, Joomla 2017-08-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in mamboleto.php in the Fernando Soares Mamboleto (com_mamboleto) component 2.0 RC3 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2009-4599 2 Joomla, Joomshark 2 Joomla, Com Jsjobs 2017-08-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in the JS Jobs (com_jsjobs) component 1.0.5.6 for Joomla! allow remote attackers to execute arbitrary SQL commands via (1) the md parameter in an employer view_company action to index.php or (2) the oi parameter in an employer view_job action to index.php.
CVE-2009-4598 2 Corephp, Joomla 2 Com Jphoto, Joomla 2017-08-16 7.5 HIGH N/A
SQL injection vulnerability in the JPhoto (com_jphoto) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a category action to index.php.
CVE-2009-4583 1 Joomla 2 Com Dhforum, Joomla\! 2017-08-16 7.5 HIGH N/A
SQL injection vulnerability in the DhForum (com_dhforum) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a grouplist action to index.php.
CVE-2009-3946 1 Joomla 1 Joomla\! 2017-08-16 5.0 MEDIUM N/A
Joomla! before 1.5.15 allows remote attackers to read an extension's XML file, and thereby obtain the extension's version number, via a direct request.
CVE-2009-4578 3 Facileforms, Joomla, Mambo-foundation 3 Facileforms, Joomla\!, Mambo 2017-08-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Facileforms (com_facileforms) component for Joomla! and Mambo allows remote attackers to inject arbitrary web script or HTML via the Itemid parameter to index.php.
CVE-2009-4576 2 Cmstactics, Joomla 2 Com Beeheard, Joomla\! 2017-08-16 7.5 HIGH N/A
SQL injection vulnerability in the BeeHeard (com_beeheard) component 1.x for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter in a suggestions action to index.php.
CVE-2009-4575 2 Joomla, Qproje 2 Joomla\!, Com Qpersonel 2017-08-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Q-Personel (com_qpersonel) component 1.0.2 RC2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the personel_sira parameter in a sirala action to index.php.
CVE-2009-4573 2 Joomla, Joomlabear 2 Joomla, Mod Joomulus 2017-08-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Joomulus (mod_joomulus) module 2.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the tagcloud parameter in a tags action to (1) tagcloud_ell.swf, (2) tagcloud_eng.swf, (3) tagcloud_por.swf, (4) tagcloud_rus.swf, and possibly (5) tagcloud_jpn.swf. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-3434 3 Joomla, Mambo, Onestopjoomla 3 Joomla, Mambo, Com Tupinambis 2017-08-16 7.5 HIGH N/A
SQL injection vulnerability in the Tupinambis (com_tupinambis) component 1.0 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the proyecto parameter in a verproyecto action to index.php.