An issue was discovered in Joomla! 3.0.0 through 3.10.6 and 4.0.0 through 4.1.0. Inadequate filtering of the selected IDs in a request could result in a possible SQL injection.
Max CVSS: 9.8 | EPSS Score: 0.14% | Published: 2022-03-30 | Updated: 2022-04-05
An issue was discovered in Joomla! 3.0.0 through 3.9.22. Improper filter blacklist configuration leads to a SQL injection vulnerability in the backend user list.
Max CVSS: 9.8 | EPSS Score: 0.20% | Published: 2020-12-28 | Updated: 2020-12-30
An issue was discovered in Joomla! before 3.9.16. The lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Featured Articles frontend menutype.
Max CVSS: 9.8 | EPSS Score: 0.20% | Published: 2020-03-16 | Updated: 2020-03-18
In Joomla! before 3.9.14, the lack of validation of configuration parameters used in SQL queries caused various SQL injection vectors.
Max CVSS: 9.8 | EPSS Score: 0.20% | Published: 2019-12-18 | Updated: 2019-12-18
In Joomla! 3.5.0 through 3.8.5, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the User Notes list view.
Max CVSS: 8.8 | EPSS Score: 4.22% | Published: 2018-03-15 | Updated: 2018-04-09
In Joomla! before 3.8.4, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Hathor postinstall message.
Max CVSS: 9.8 | EPSS Score: 17.09% | Published: 2018-01-30 | Updated: 2018-02-13

CVE-2017-8917 (public exploit)
SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors.
Max CVSS: 9.8 | EPSS Score: 97.56% | Published: 2017-05-17 | Updated: 2019-04-16
SQL injection vulnerability in Joomla! 3.x before 3.4.7 allows attackers to execute arbitrary SQL commands via unspecified vectors.
Max CVSS: 7.5 | EPSS Score: 0.11% | Published: 2016-01-12 | Updated: 2016-12-07

CVE-2015-7858 (public exploit)
SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7297.
Max CVSS: 7.5 | EPSS Score: 84.85% | Published: 2015-10-29 | Updated: 2017-09-13

CVE-2015-7857 (public exploit)
SQL injection vulnerability in the getListQuery function in administrator/components/com_contenthistory/models/history.php in Joomla! 3.2 before 3.4.5 allows remote attackers to execute arbitrary SQL commands via the list[select] parameter to index.php.
Max CVSS: 7.5 | EPSS Score: 84.85% | Published: 2015-10-29 | Updated: 2017-09-13

CVE-2015-7297 (public exploit)
SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7858.
Max CVSS: 7.5 | EPSS Score: 97.56% | Published: 2015-10-29 | Updated: 2017-09-13
SQL injection vulnerability in the EQ Event Calendar component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to eqfullevent.
Max CVSS: 7.5 | EPSS Score: 0.16% | Published: 2015-06-18 | Updated: 2016-12-07
SQL injection vulnerability in Joomla! CMS 3.1.x and 3.2.x before 3.2.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Max CVSS: 7.5 | EPSS Score: 0.10% | Published: 2014-10-08 | Updated: 2014-10-10
SQL injection vulnerability in the JV Comment (com_jvcomment) component before 3.0.3 for Joomla! allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a comment.like action to index.php.
Max CVSS: 4.3 | EPSS Score: 0.70% | Published: 2014-01-26 | Updated: 2018-10-09
plugins/system/highlight/highlight.php in Joomla! 3.0.x through 3.0.2 and 2.5.x through 2.5.8 allows attackers to unserialize arbitrary PHP objects to obtain sensitive information, delete arbitrary directories, conduct SQL injection attacks, and possibly have other impacts via the highlight parameter. Note: it was originally reported that this issue only allowed attackers to obtain sensitive information, but later analysis demonstrated that other attacks exist.
Max CVSS: 7.5 | EPSS Score: 0.26% | Published: 2013-02-13 | Updated: 2017-08-29
SQL injection vulnerability in Joomla! 1.7.x and 2.5.x before 2.5.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Max CVSS: 7.5 | EPSS Score: 0.54% | Published: 2012-09-26 | Updated: 2017-08-29
Joomla! 1.6.0 is vulnerable to SQL Injection via the filter_order and filer_order_Dir parameters.
Max CVSS: 9.1 | EPSS Score: 0.28% | Published: 2020-02-05 | Updated: 2020-02-07
SQL injection vulnerability in the CamelcityDB (com_camelcitydb2) component 2.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
Max CVSS: 7.5 | EPSS Score: 0.11% | Published: 2011-10-09 | Updated: 2017-08-29
SQL injection vulnerability in the Elite Experts (com_elite_experts) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showExpertProfileDetailed action to index.php.
Max CVSS: 7.5 | EPSS Score: 0.07% | Published: 2011-10-09 | Updated: 2017-08-29
SQL injection vulnerability in the Weblinks (com_weblinks) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a categories action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS: 7.5 | EPSS Score: 0.11% | Published: 2011-10-09 | Updated: 2012-05-14
Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 allow remote attackers to execute arbitrary SQL commands via the (1) filter_order or (2) filter_order_Dir parameter in a com_contact action to index.php, a different vulnerability than CVE-2010-4166. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS: 7.5 | EPSS Score: 0.13% | Published: 2011-01-18 | Updated: 2011-07-19
Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 allow remote attackers to execute arbitrary SQL commands via (1) the filter_order parameter in a com_weblinks category action to index.php, (2) the filter_order_Dir parameter in a com_weblinks category action to index.php, or (3) the filter_order_Dir parameter in a com_messages action to administrator/index.php.
Max CVSS: 7.5 | EPSS Score: 2.51% | Published: 2011-01-18 | Updated: 2018-08-13
SQL injection vulnerability in the Weblinks (com_weblinks) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.
Max CVSS: 7.5 | EPSS Score: 0.06% | Published: 2010-07-08 | Updated: 2018-10-10
SQL injection vulnerability in the Newsfeeds (com_newsfeeds) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the feedid parameter in a categories action to index.php.
Max CVSS: 7.5 | EPSS Score: 0.06% | Published: 2010-05-06 | Updated: 2017-08-17
Joomla! Core is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently retrieve password reset tokens from the database through an already existing SQL injection vector. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulnerable.
Max CVSS: 9.8 | EPSS Score: 0.15% | Published: 2021-06-21 | Updated: 2021-09-20
142 vulnerabilities found