Filtered by vendor Joomla Subscriptions
Filtered by product Joomla Subscriptions
Total 215 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2009-2100 2 Joomla, Joomlapraise 2 Joomla, Com Projectfork 2025-04-09 N/A
Directory traversal vulnerability in the JoomlaPraise Projectfork (com_projectfork) component 2.0.10 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the section parameter to index.php.
CVE-2009-4099 2 G4j.laoneo, Joomla 2 Com Gcalendar, Joomla 2025-04-09 N/A
SQL injection vulnerability in the Google Calendar GCalendar (com_gcalendar) component 1.1.2, 2.1.4, and possibly earlier versions for Joomla! allows remote attackers to execute arbitrary SQL commands via the gcid parameter. NOTE: some of these details are obtained from third party information.
CVE-2008-5053 1 Joomla 2 Com Rssreader, Joomla 2025-04-09 N/A
PHP remote file inclusion vulnerability in admin.rssreader.php in the Simple RSS Reader (com_rssreader) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
CVE-2008-5607 2 Joomitaly, Joomla 2 Jmovies, Joomla 2025-04-09 N/A
SQL injection vulnerability in the JMovies (aka JM or com_jmovies) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
CVE-2008-5864 2 Joomla, Joomlahbs 3 Joomla, Com Tophotelmodule, Hotel Booking Reservation System 2025-04-09 N/A
SQL injection vulnerability in the Top Hotel (com_tophotelmodule) component 1.0 in the Hotel Booking Reservation System (aka HBS) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showhoteldetails action to index.php.
CVE-2008-6483 2 Joomla, Virtuemart-solutions 2 Joomla, Com Googlebase 2025-04-09 N/A
PHP remote file inclusion vulnerability in admin.googlebase.php in the Ecom Solutions VirtueMart Google Base (aka com_googlebase or Froogle) component 1.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2009-2554 2 Joomla, Olle Johansson 2 Joomla, Jobline 2025-04-09 N/A
SQL injection vulnerability in the search method in jobline.class.php in Jobline (com_jobline) 1.1.2.2, 1.3.1, and possibly earlier versions, a component for Joomla!, allows remote attackers to execute arbitrary SQL commands via the search parameter in a results action to index.php, which invokes the search method from the searchJobPostings function in jobline.php.
CVE-2009-1938 1 Joomla 1 Joomla 2025-04-09 N/A
Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to database output and the frontend administrative panel.
CVE-2009-2607 2 Joomla, Pinme 2 Joomla, Com Pinboard 2025-04-09 N/A
SQL injection vulnerability in the com_pinboard component for Joomla! allows remote attackers to execute arbitrary SQL commands via the task parameter in a showpic action to index.php.
CVE-2008-0795 3 Joomla, Mambo, Mgfi 3 Joomla, Mambo, Xfaq 2025-04-09 N/A
SQL injection vulnerability in index.php in the MGFi XfaQ (com_xfaq) 1.2 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an answer action.
CVE-2009-2609 2 Amotools, Joomla 2 Com Amocourse, Joomla 2025-04-09 N/A
SQL injection vulnerability in the amoCourse (com_amocourse) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action to index.php.
CVE-2008-2990 2 Joomla, Mambo 3 Com Facileforms, Joomla, Com Facileforms 2025-04-09 N/A
PHP remote file inclusion vulnerability in facileforms.frame.php in the FacileForms (com_facileforms) component 1.4.4 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the ff_compath parameter.
CVE-2009-2634 2 Joomla, Ordasoft 2 Joomla, Com Medialibrary 2025-04-09 N/A
PHP remote file inclusion vulnerability in toolbar_ext.php in the MediaLibrary (com_media_library) component 1.5.3 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2009-2637 2 Joomla, Ordasoft 2 Joomla, Com Booklibrary 2025-04-09 N/A
PHP remote file inclusion vulnerability in toolbar_ext.php in the BookLibrary (com_booklibrary) component 1.5.2.4 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2007-6642 1 Joomla 1 Joomla 2025-04-09 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Joomla! before 1.5 RC4 allow remote attackers to (1) add a Super Admin, (2) upload an extension containing arbitrary PHP code, and (3) modify the configuration as administrators via unspecified vectors.
CVE-2007-6644 1 Joomla 1 Joomla 2025-04-09 N/A
Joomla! before 1.5 RC4 allows remote authenticated administrators to promote arbitrary users to the administrator group, in violation of the intended security model.
CVE-2007-6645 1 Joomla 1 Joomla 2025-04-09 N/A
Unspecified vulnerability in Joomla! before 1.5 RC4 allows remote authenticated users to gain privileges via unspecified vectors, aka "registered user privilege escalation vulnerability."
CVE-2008-3225 1 Joomla 1 Joomla 2025-04-09 N/A
Joomla! before 1.5.4 allows attackers to access administration functionality, which has unknown impact and attack vectors related to a missing "LDAP security fix."
CVE-2009-1939 1 Joomla 1 Joomla 2025-04-09 N/A
Cross-site scripting (XSS) vulnerability in the JA_Purity template for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-2633 2 Joomla, Ordasoft 2 Joomla, Com Vehiclemanager 2025-04-09 N/A
PHP remote file inclusion vulnerability in toolbar_ext.php in the VehicleManager (com_vehiclemanager) component 1.0 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.