Filtered by vendor Joomla
Subscribe
Total
935 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-6116 | 2 Extrosoft, Joomla | 2 Com Thyme, Joomla | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the EXtrovert Software Thyme (com_thyme) 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the event parameter to index.php. | |||||
| CVE-2008-2627 | 1 Joomla | 1 Com Idoblog | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the IDoBlog (com_idoblog) component b24 and earlier and 1.0, a component for Joomla!, allows remote attackers to execute arbitrary SQL commands via the userid parameter in a userblog action to index.php. | |||||
| CVE-2006-7124 | 1 Joomla | 1 Bsq Sitestats | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in external/rssfeeds.php in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allows remote attackers to execute arbitrary PHP code via the baseDir parameter. | |||||
| CVE-2008-1849 | 3 Joomla, Joomlacode, Mambo | 3 Joomla, Joomlaexplorer, Mambo | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in the joomlaXplorer (com_joomlaxplorer) Mambo/Joomla! component 1.6.2 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the dir parameter in a show_error action. | |||||
| CVE-2008-2651 | 1 Joomla | 1 Com Joobb | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Joomla! Bulletin Board (aka Joo!BB or com_joobb) component 0.5.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the forum parameter in a forum action to index.php. | |||||
| CVE-2009-1496 | 2 Ijobid, Joomla | 2 Com Cmimarketplace, Joomla | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the Cmi Marketplace (com_cmimarketplace) component 0.1 for Joomla! allows remote attackers to list arbitrary directories via a .. (dot dot) in the viewit parameter to index.php. | |||||
| CVE-2009-3946 | 1 Joomla | 1 Joomla\! | 2025-04-09 | 5.0 MEDIUM | N/A |
| Joomla! before 1.5.15 allows remote attackers to read an extension's XML file, and thereby obtain the extension's version number, via a direct request. | |||||
| CVE-2008-0579 | 1 Joomla | 1 Com Buslicense | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the buslicense (com_buslicense) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in a list action. | |||||
| CVE-2008-5865 | 2 Joomla, Joomlahbs | 2 Joomla, Hotel Booking Reservation System | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the com_hbssearch component 1.0 in the Hotel Booking Reservation System (aka HBS) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the r_type parameter in a showhoteldetails action to index.php. | |||||
| CVE-2009-3332 | 2 Joomla, Sopinet | 2 Joomla, Com Jbudgetsmagic | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the JBudgetsMagic (com_jbudgetsmagic) component 0.3.2 through 0.4.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the bid parameter in a mybudget action to index.php. | |||||
| CVE-2006-5041 | 1 Joomla | 2 Com Hotproperties, Hot Properties | 2025-04-09 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Hot Properties (possibly com_hotproperties) 0.97 and earlier for Joomla! has unspecified impact and attack vectors. | |||||
| CVE-2008-0515 | 2 Joomla, Mambo | 2 Musepoes Component, Musepoes Component | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the musepoes (com_musepoes) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an answer action. | |||||
| CVE-2008-5789 | 2 Joomla, Recly | 2 Joomla, Interactive Feederator | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the Recly Interactive Feederator (com_feederator) component 1.0.5 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) mosConfig_absolute_path parameter to (a) add_tmsp.php, (b) edit_tmsp.php and (c) tmsp.php in includes/tmsp/; and the (2) GLOBALS[mosConfig_absolute_path] parameter to (d) includes/tmsp/subscription.php. | |||||
| CVE-2007-4503 | 1 Joomla | 1 Nice Talk | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the Nice Talk component (com_nicetalk) 0.9.3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the tagid parameter. | |||||
| CVE-2008-6276 | 2 Drupal, Joomla | 2 User Karma Module, Joomla\! | 2025-04-09 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in the User Karma module 5.x before 5.x-1.13 and 6.x before 6.x-1.0-beta1, a module for Drupal, allow remote authenticated administrators to execute arbitrary SQL commands via (1) a content type or (2) a voting API value. | |||||
| CVE-2009-0726 | 3 Gigcalendar, Joomla, Mambo | 3 Com Gigcalendar, Joomla, Mambo | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the gigcal_gigs_id parameter in a details action to index.php. | |||||
| CVE-2006-7125 | 1 Joomla | 1 Bsq Sitestats | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Joomla BSQ Sitestats 1.8.0 and 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header, which is not properly handled when the administrator views site statistics. | |||||
| CVE-2008-1427 | 2 Joobi, Joomla | 2 Acajoom, Com Acajoom | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Joobi Acajoom (com_acajoom) 1.1.5 and 1.2.5 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mailingid parameter in a mailing view action to index.php. | |||||
| CVE-2008-6429 | 2 Joomla, Mike Leeper | 2 Joomla, Com Prayercenter | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the PrayerCenter (com_prayercenter) component 1.4.9 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view_request action to index2.php. | |||||
| CVE-2009-4604 | 2 Fernando Soares, Joomla | 2 Com Mamboleto, Joomla | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in mamboleto.php in the Fernando Soares Mamboleto (com_mamboleto) component 2.0 RC3 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||