Filtered by vendor Joomla Subscriptions
Filtered by product Joomla Subscriptions
Total 215 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2009-0380 3 Joomla, Mambo-foundation, Sigsiu.net 3 Joomla, Mambo, Sobi2 2025-04-09 N/A
SQL injection vulnerability in the Sigsiu Online Business Index 2 (SOBI2, com_sobi2) RC 2.8.2 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the bid parameter in a showbiz action to index.php, a different vector than CVE-2008-0607. NOTE: CVE disputes this issue, since neither "showbiz" nor "bid" appears in the source code for SOBI2
CVE-2009-3357 2 Joomla, Joomlahbs 2 Joomla, Com Hbssearch 2025-04-09 N/A
Multiple SQL injection vulnerabilities in the Hotel Booking Reservation System (aka HBS or com_hbssearch) component for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) h_id, (2) id, and (3) rid parameters to longDesc.php, and the h_id parameter to (4) detail.php, (5) detail1.php, (6) detail2.php, (7) detail3.php, (8) detail4.php, (9) detail5.php, (10) detail6.php, (11) detail7.php, and (12) detail8.php, different vectors than CVE-2008-5865, CVE-2008-5874, and CVE-2008-5875.
CVE-2007-5410 2 Joomla, Webmaster-tips 2 Joomla, Flash Rss Reader 2025-04-09 N/A
PHP remote file inclusion vulnerability in admin.wmtrssreader.php in the webmaster-tips.net Flash RSS Reader (com_wmtrssreader) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
CVE-2009-0494 2 Joomla, Mivaco 2 Joomla, Com Portfol 2025-04-09 N/A
SQL injection vulnerability in the Portfol (com_portfol) 1.2 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the vcatid parameter in a viewcategory action to index.php.
CVE-2007-6645 1 Joomla 1 Joomla 2025-04-09 N/A
Unspecified vulnerability in Joomla! before 1.5 RC4 allows remote authenticated users to gain privileges via unspecified vectors, aka "registered user privilege escalation vulnerability."
CVE-2007-6644 1 Joomla 1 Joomla 2025-04-09 N/A
Joomla! before 1.5 RC4 allows remote authenticated administrators to promote arbitrary users to the administrator group, in violation of the intended security model.
CVE-2008-3225 1 Joomla 1 Joomla 2025-04-09 N/A
Joomla! before 1.5.4 allows attackers to access administration functionality, which has unknown impact and attack vectors related to a missing "LDAP security fix."
CVE-2008-3226 1 Joomla 1 Joomla 2025-04-09 N/A
The file caching implementation in Joomla! before 1.5.4 allows attackers to access cached pages via unknown attack vectors.
CVE-2009-2782 2 Jfusion, Joomla 2 Com Jfusion, Joomla 2025-04-09 N/A
SQL injection vulnerability in the JFusion (com_jfusion) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.
CVE-2009-3434 3 Joomla, Mambo, Onestopjoomla 3 Joomla, Mambo, Com Tupinambis 2025-04-09 N/A
SQL injection vulnerability in the Tupinambis (com_tupinambis) component 1.0 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the proyecto parameter in a verproyecto action to index.php.
CVE-2009-3438 2 Joomla, Witchakorn Kamolpornwijit 2 Joomla, Com Facebook 2025-04-09 N/A
SQL injection vulnerability in the JoomlaFacebook (com_facebook) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a student action to index.php.
CVE-2009-3446 2 Joomla, Rick Estrada 2 Joomla, Com Mytube 2025-04-09 N/A
SQL injection vulnerability in the MyRemote Video Gallery (com_mytube) component 1.0 Beta for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter in a videos action to index.php.
CVE-2008-4777 2 Joomla, Mambo 3 Com Lms, Joomla, Mambo 2025-04-09 N/A
SQL injection vulnerability in the Showroom Joomlearn LMS (com_lms) component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the cat parameter in a showTests task.
CVE-2009-3480 2 Isygen, Joomla 2 Icrm Basic, Joomla 2025-04-09 N/A
SQL injection vulnerability in the iCRM Basic (com_icrmbasic) component 1.4.2.31 for Joomla! allows remote attackers to execute arbitrary SQL commands via the p3 parameter to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-1258 2 Joomla, Rd-media 2 Joomla, Com Rdautos 2025-04-09 N/A
SQL injection vulnerability in the RD-Autos (com_rdautos) component 1.5.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the makeid parameter in index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-6050 2 Ircmaxell, Joomla 2 Tech Article, Joomla 2025-04-09 N/A
SQL injection vulnerability in the Tech Articles (com_tech_article) 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the item parameter to index.php.
CVE-2009-1279 1 Joomla 1 Joomla 2025-04-09 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5 through 1.5.9 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) com_admin component, (2) com_search component when "Gather Search Statistics" is enabled, and (3) the category view in the com_content component.
CVE-2009-1280 1 Joomla 1 Joomla 2025-04-09 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the com_media component for Joomla! 1.5.x through 1.5.9 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2008-1533 1 Joomla 1 Joomla 2025-04-09 N/A
Unspecified vulnerability in the XML-RPC Blogger API plugin in Joomla! 1.5 allows remote attackers to perform unauthorized article operations on articles via unknown vectors.
CVE-2007-4779 1 Joomla 1 Joomla 2025-04-09 N/A
Cross-site scripting (XSS) vulnerability in Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably related to the archive section.