Filtered by vendor Joomla
Subscriptions
Filtered by product Joomla
Subscriptions
Total
232 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-2676 | 1 Joomla | 2 Com News Portal, Joomla | 2025-04-09 | N/A |
| SQL injection vulnerability in the iJoomla News Portal (com_news_portal) component 1.0 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php. | ||||
| CVE-2008-5864 | 2 Joomla, Joomlahbs | 3 Joomla, Com Tophotelmodule, Hotel Booking Reservation System | 2025-04-09 | N/A |
| SQL injection vulnerability in the Top Hotel (com_tophotelmodule) component 1.0 in the Hotel Booking Reservation System (aka HBS) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showhoteldetails action to index.php. | ||||
| CVE-2008-5494 | 2 Digitalgreys, Joomla | 2 Com Contactinfo, Joomla | 2025-04-09 | N/A |
| SQL injection vulnerability in the Contact Information Module (com_contactinfo) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. | ||||
| CVE-2008-5790 | 2 Joomla, Recly | 2 Joomla, Competitions | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the Recly!Competitions (com_competitions) component 1.0 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[mosConfig_absolute_path] parameter to (a) add.php and (b) competitions.php in includes/competitions/, and the (2) mosConfig_absolute_path parameter to (c) includes/settings/settings.php. | ||||
| CVE-2009-4099 | 2 G4j.laoneo, Joomla | 2 Com Gcalendar, Joomla | 2025-04-09 | N/A |
| SQL injection vulnerability in the Google Calendar GCalendar (com_gcalendar) component 1.1.2, 2.1.4, and possibly earlier versions for Joomla! allows remote attackers to execute arbitrary SQL commands via the gcid parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-2099 | 2 Ijoomla, Joomla | 2 Com Rssfeeder, Joomla | 2025-04-09 | N/A |
| SQL injection vulnerability in the iJoomla RSS Feeder (com_ijoomla_rss) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in an xml action to index.php. | ||||
| CVE-2009-2102 | 2 Com Jumi, Joomla | 2 Com Jumi, Joomla | 2025-04-09 | N/A |
| SQL injection vulnerability in the Jumi (com_jumi) component 2.0.3 and possibly other versions for Joomla allows remote attackers to execute arbitrary SQL commands via the fileid parameter to index.php. | ||||
| CVE-2008-5643 | 2 Joomla, Mambo | 3 Com Books, Joomla, Mambo | 2025-04-09 | N/A |
| SQL injection vulnerability in the Books (com_books) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the book_id parameter in a book_details action to index.php. | ||||
| CVE-2009-3063 | 2 Indianpulses, Joomla | 2 Com Gameserver, Joomla | 2025-04-09 | N/A |
| SQL injection vulnerability in the Game Server (com_gameserver) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a gamepanel action to index.php. | ||||
| CVE-2009-3193 | 2 Joomla, Uwix | 2 Joomla, Com Digifolio | 2025-04-09 | N/A |
| SQL injection vulnerability in the DigiFolio (com_digifolio) component 1.52 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a project action to index.php. | ||||
| CVE-2007-5309 | 2 Joomla, Webmaster-tips.net | 2 Joomla, Flash Image Gallery | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in admin.wmtgallery.php in the webmaster-tips.net Flash Image Gallery (com_wmtgallery) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter. | ||||
| CVE-2007-0374 | 2 Joomla, Mambo | 2 Joomla, Mambo | 2025-04-09 | N/A |
| SQL injection vulnerability in (1) Joomla! 1.0.11 and 1.5 Beta, and (2) Mambo 4.6.1, allows remote attackers to execute arbitrary SQL commands via the id parameter when cancelling content editing. | ||||
| CVE-2007-4778 | 1 Joomla | 1 Joomla | 2025-04-09 | N/A |
| Multiple SQL injection vulnerabilities in the content component (com_content) in Joomla! 1.5 Beta1, Beta2, and RC1 allow remote attackers to execute arbitrary SQL commands via the filter parameter in an archive action to (1) archive.php, (2) category.php, or (3) section.php in models/. NOTE: this may be the same as CVE-2007-4777. | ||||
| CVE-2007-5389 | 2 Joomla, Swmenupro | 2 Joomla, Swmenufree | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in preview.php in the swMenuFree (com_swmenufree) 4.6 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: a reliable third party disputes this issue because preview.php tests a certain constant to prevent direct requests | ||||
| CVE-2008-1733 | 2 Joomla, Pragmaticutopia | 2 Joomla, Com Puarcade | 2025-04-09 | N/A |
| SQL injection vulnerability in puarcade.class.php 2.2 and earlier in the Pragmatic Utopia PU Arcade (com_puarcade) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the gid parameter to index.php. | ||||
| CVE-2008-4617 | 3 Joomla, Mambo-foundation, Pyxicom | 3 Joomla, Mambo, Actualite | 2025-04-09 | N/A |
| SQL injection vulnerability in the actualite module 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2008-4623 | 2 Joomla, Martin Diphoorn | 2 Joomla, Com Ds-syndicate | 2025-04-09 | N/A |
| SQL injection vulnerability in the DS-Syndicate (com_ds-syndicate) component 1.1.1 for Joomla allows remote attackers to execute arbitrary SQL commands via the feed_id parameter to index2.php. | ||||
| CVE-2009-0702 | 2 Joomla, Phoca | 2 Joomla, Com Phocadocumentation | 2025-04-09 | N/A |
| SQL injection vulnerability in the Phoca Documentation (com_phocadocumentation) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a section action to index.php. | ||||
| CVE-2009-1279 | 1 Joomla | 1 Joomla | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5 through 1.5.9 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) com_admin component, (2) com_search component when "Gather Search Statistics" is enabled, and (3) the category view in the com_content component. | ||||
| CVE-2009-3054 | 2 Artetics, Joomla | 2 Com Artportal, Joomla | 2025-04-09 | N/A |
| SQL injection vulnerability in the Artetics.com Art Portal (com_artportal) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the portalid parameter to index.php. | ||||