ReportizFlow
Filtered by vendor Joomla
Subscriptions
Filtered by product Joomla\!
Subscriptions
Total
631 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-2601 | 2 Joomla, Joomlaequipment | 2 Joomla\!, Juser | 2026-04-23 | N/A |
| SQL injection vulnerability in the Joomlaequipment (aka JUser or com_juser) component 2.0.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a show_profile action to index.php. | ||||
| CVE-2006-5043 | 2 Joomla, Joomlaboard | 2 Joomla\!, Joomlaboard | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the Joomlaboard Forum Component (com_joomlaboard) before 1.1.2 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the sbp parameter to (1) file_upload.php or (2) image_upload.php, a variant of CVE-2006-3528. | ||||
| CVE-2009-1736 | 1 Joomla | 2 Com Gsticketsystem, Joomla\! | 2026-04-23 | N/A |
| SQL injection vulnerability in the GridSupport (GS) Ticket System (com_gsticketsystem) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a viewCategory action to index.php. | ||||
| CVE-2009-3964 | 2 Joomla, Ninjaforge | 2 Joomla\!, Com Ninjamonials | 2026-04-23 | N/A |
| SQL injection vulnerability in the NinjaMonials (com_ninjacentral) component 1.1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the testimID parameter in a display action to index.php. | ||||
| CVE-2009-4255 | 2 Joomla, Youjoomla | 2 Joomla\!, You\!hostit\! | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the You!Hostit! template 1.0.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the created_by_alias parameter in index.php. | ||||
| CVE-2008-6852 | 2 Joomla, Markus Donhauser | 2 Joomla\!, Ice Gallery Component For Joomla | 2026-04-23 | N/A |
| SQL injection vulnerability in the Ice Gallery (com_ice) component 0.5 beta 2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. | ||||
| CVE-2016-10033 | 3 Joomla, Phpmailer Project, Wordpress | 3 Joomla\!, Phpmailer, Wordpress | 2026-04-21 | 9.8 Critical |
| The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property. | ||||
| CVE-2006-4470 | 1 Joomla | 1 Joomla\! | 2026-04-16 | N/A |
| Joomla! before 1.0.11 omits some checks for whether _VALID_MOS is defined, which allows attackers to have an unknown impact, possibly resulting in PHP remote file inclusion. | ||||
| CVE-2005-4650 | 1 Joomla | 1 Joomla\! | 2026-04-16 | 5.3 Medium |
| Joomla! 1.03 does not restrict the number of "Search" Mambots, which allows remote attackers to cause a denial of service (resource consumption) via a large number of Search Mambots. | ||||
| CVE-2006-4469 | 1 Joomla | 1 Joomla\! | 2026-04-16 | N/A |
| Unspecified vulnerability in PEAR.php in Joomla! before 1.0.11 allows remote attackers to perform "remote execution," related to "Injection Flaws." | ||||
| CVE-2006-4471 | 1 Joomla | 1 Joomla\! | 2026-04-16 | N/A |
| The Admin Upload Image functionality in Joomla! before 1.0.11 allows remote authenticated users to upload files outside of the /images/stories/ directory via unspecified vectors. | ||||
| CVE-2006-1957 | 2 Joomla, Mambo-foundation | 2 Joomla\!, Mambo | 2026-04-16 | N/A |
| The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows remote attackers to cause a denial of service (disk consumption and possibly web-server outage) via multiple requests with different values of the feed parameter. | ||||
| CVE-2006-4468 | 1 Joomla | 1 Joomla\! | 2026-04-16 | N/A |
| Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related to unvalidated input, allow attackers to have an unknown impact via unspecified vectors involving the (1) mosMail, (2) JosIsValidEmail, and (3) josSpoofValue functions; (4) the lack of inclusion of globals.php in administrator/index.php; (5) the Admin User Manager; and (6) the poll module. | ||||
| CVE-2006-4472 | 1 Joomla | 1 Joomla\! | 2026-04-16 | N/A |
| Multiple unspecified vulnerabilities in Joomla! before 1.0.11 allow attackers to bypass user authentication via unknown vectors involving the (1) do_pdf command and the (2) emailform com_content task. | ||||
| CVE-2026-21632 | 1 Joomla | 2 Joomla!, Joomla\! | 2026-04-10 | 5.4 Medium |
| Lack of output escaping for article titles leads to XSS vectors in various locations. | ||||
| CVE-2026-21631 | 1 Joomla | 2 Joomla!, Joomla\! | 2026-04-10 | 5.4 Medium |
| Lack of output escaping leads to a XSS vector in the multilingual associations component. | ||||
| CVE-2026-23899 | 1 Joomla | 2 Joomla!, Joomla\! | 2026-04-10 | 8.8 High |
| An improper access check allows unauthorized access to webservice endpoints. | ||||
| CVE-2026-21629 | 1 Joomla | 2 Joomla!, Joomla\! | 2026-04-10 | 7.3 High |
| The ajax component was excluded from the default logged-in-user check in the administrative area. This behavior was potentially unexpected by 3rd party developers. | ||||
| CVE-2026-23898 | 1 Joomla | 2 Joomla!, Joomla\! | 2026-04-10 | 7.2 High |
| Lack of input validation leads to an arbitrary file deletion vulnerability in the autoupdate server mechanism. | ||||
| CVE-2026-21630 | 1 Joomla | 2 Joomla!, Joomla\! | 2026-04-10 | 8.8 High |
| Improperly built order clauses lead to a SQL injection vulnerability in the articles webservice endpoint. | ||||