ReportizFlow
Filtered by vendor Joomla
Subscriptions
Filtered by product Joomla\!
Subscriptions
Total
603 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-2902 | 2 Joomla, Ryan Demmer | 2 Joomla\!, Joomla Content Editor | 2025-04-11 | N/A |
| Unrestricted file upload vulnerability in editor/extensions/browser/file.php in the Joomla Content Editor (JCE) component before 2.1 for Joomla!, when chunking is set to greater than zero, allows remote authors to execute arbitrary PHP code by uploading a PHP file with a double extension as demonstrated by .jpg.pht. | ||||
| CVE-2010-0676 | 2 Joomla, Weberr | 2 Joomla\!, Com Rwcards | 2025-04-11 | N/A |
| Directory traversal vulnerability in index.php in the RWCards (com_rwcards) component 3.0.18 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter. | ||||
| CVE-2010-0945 | 2 Hotbrackets, Joomla | 2 Com Hotbrackets, Joomla\! | 2025-04-11 | N/A |
| SQL injection vulnerability in the HotBrackets Tournament Brackets (com_hotbrackets) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. | ||||
| CVE-2010-0946 | 2 Joomla, Kiss-software | 2 Joomla\!, Com Ksadvertiser | 2025-04-11 | N/A |
| SQL injection vulnerability in the Keep It Simple Stupid (KISS) Software Advertiser (com_ksadvertiser) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter in a showcats action to index.php. | ||||
| CVE-2010-4862 | 2 Harmistechnology, Joomla | 2 Com Jedirectory, Joomla\! | 2025-04-11 | N/A |
| SQL injection vulnerability in the JExtensions JE Directory (com_jedirectory) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an item action to index.php. | ||||
| CVE-2010-4864 | 2 Danieljamesscott, Joomla | 2 Com Clubmanager, Joomla\! | 2025-04-11 | N/A |
| SQL injection vulnerability in the Club Manager (com_clubmanager) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cm_id parameter in an equip presenta action to index.php. | ||||
| CVE-2010-4865 | 2 Harmistechnology, Joomla | 2 Com Jeguestbook, Joomla\! | 2025-04-11 | N/A |
| SQL injection vulnerability in the JE Guestbook (com_jeguestbook) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the d_itemid parameter in an item_detail action to index.php. | ||||
| CVE-2010-1479 | 2 Joomla, Rockettheme | 2 Joomla\!, Com Rokmodule | 2025-04-11 | N/A |
| SQL injection vulnerability in the RokModule (com_rokmodule) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the moduleid parameter in a raw action to index.php. | ||||
| CVE-2010-1480 | 2 Joomla, Rockettheme | 2 Joomla\!, Com Rokmodule | 2025-04-11 | N/A |
| SQL injection vulnerability in the RokModule (com_rokmodule) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the module parameter to index.php. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2010-1601 | 2 Joomla, Joomlamart | 2 Joomla\!, Com Jacomment | 2025-04-11 | N/A |
| Directory traversal vulnerability in the JA Comment (com_jacomment) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. | ||||
| CVE-2008-0801 | 3 Joomla, Mambo-foundation, Paxxgallery | 3 Joomla\!, Mambo, Com Paxxgallery | 2025-04-09 | N/A |
| SQL injection vulnerability in index.php in the PAXXGallery (com_paxxgallery) 0.2 component for Mambo and Joomla! allow remote attackers to execute arbitrary SQL commands via (1) the iid parameter in a view action, and possibly (2) the userid parameter. | ||||
| CVE-2008-1559 | 2 Bernard Gilly, Joomla | 2 Com Alphacontent, Joomla\! | 2025-04-09 | N/A |
| SQL injection vulnerability in the Bernard Gilly AlphaContent (com_alphacontent) 2.5.8 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php. | ||||
| CVE-2009-3945 | 1 Joomla | 1 Joomla\! | 2025-04-09 | N/A |
| Unspecified vulnerability in the Front-End Editor in the com_content component in Joomla! before 1.5.15 allows remote authenticated users, with Author privileges, to replace the articles of an arbitrary user via unknown vectors. | ||||
| CVE-2009-3946 | 1 Joomla | 1 Joomla\! | 2025-04-09 | N/A |
| Joomla! before 1.5.15 allows remote attackers to read an extension's XML file, and thereby obtain the extension's version number, via a direct request. | ||||
| CVE-2009-2567 | 2 Almondsoft, Joomla | 2 Almond Classifieds, Joomla\! | 2025-04-09 | N/A |
| SQL injection vulnerability in the Almond Classifieds (com_aclassf) component 5.6.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. | ||||
| CVE-2008-6275 | 2 Drupal, Joomla | 2 User Karma Module, Joomla\! | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the User Karma module 5.x before 5.x-1.13 and 6.x before 6.x-1.0-beta1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified messages. | ||||
| CVE-2008-6276 | 2 Drupal, Joomla | 2 User Karma Module, Joomla\! | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in the User Karma module 5.x before 5.x-1.13 and 6.x before 6.x-1.0-beta1, a module for Drupal, allow remote authenticated administrators to execute arbitrary SQL commands via (1) a content type or (2) a voting API value. | ||||
| CVE-2009-3964 | 2 Joomla, Ninjaforge | 2 Joomla\!, Com Ninjamonials | 2025-04-09 | N/A |
| SQL injection vulnerability in the NinjaMonials (com_ninjacentral) component 1.1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the testimID parameter in a display action to index.php. | ||||
| CVE-2009-3972 | 2 Joomla, Qproje | 2 Joomla\!, Com Siirler | 2025-04-09 | N/A |
| SQL injection vulnerability in the Q-Proje Siirler Bileseni (com_siirler) component 1.2 RC for Joomla! allows remote attackers to execute arbitrary SQL commands via the sid parameter in an sdetay action to index.php. | ||||
| CVE-2008-6852 | 2 Joomla, Markus Donhauser | 2 Joomla\!, Ice Gallery Component For Joomla | 2025-04-09 | N/A |
| SQL injection vulnerability in the Ice Gallery (com_ice) component 0.5 beta 2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. | ||||