Multiple SQL injection vulnerabilities in Joomla! before 1.0.4 allow remote attackers to execute arbitrary SQL commands via the (1) Itemid variable in the Polls modules and (2) multiple unspecified methods in the mosDBTable class.
Max CVSS
7.5
EPSS Score
0.55%
Published
2005-11-23
Updated
2017-07-11
Multiple SQL injection vulnerabilities in the Admin functionality in Joomla! 1.0.7 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via unknown attack vectors.
Max CVSS
7.5
EPSS Score
0.17%
Published
2006-03-07
Updated
2011-09-08
Multiple SQL injection vulnerabilities in Joomla! before 1.0.10 allow remote attackers to execute arbitrary SQL commands via unspecified parameters involving the (1) "Remember Me" function, (2) "Related Items" module, and the (3) "Weblinks submission".
Max CVSS
7.5
EPSS Score
0.86%
Published
2006-07-10
Updated
2017-07-20
The mosgetparam implementation in Joomla! before 1.0.10, does not set a variable's data type to integer when the variable's default value is numeric, which has unspecified impact and attack vectors, which may permit SQL injection attacks.
Max CVSS
7.5
EPSS Score
0.23%
Published
2007-02-12
Updated
2008-09-05
Multiple SQL injection vulnerabilities in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allow remote attackers to execute arbitrary SQL commands via (1) unspecified parameters when importing the (a) ip-to-country.csv file; and the (2) HTTP Referer, (3) HTTP User Agent, and (4) HTTP Accept Language headers to (b) bsqtemplateinc.php.
Max CVSS
7.5
EPSS Score
0.44%
Published
2007-03-06
Updated
2018-10-16
SQL injection vulnerability in Joomla BSQ Sitestats 1.8.0 and 2.2.1 allows remote attackers to execute arbitrary SQL commands via the query string, possibly PHP_SELF.
Max CVSS
6.8
EPSS Score
0.74%
Published
2007-03-06
Updated
2018-10-16
SQL injection vulnerability in the Weblinks (com_weblinks) component for Joomla! and Mambo 1.0.9 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter.
Max CVSS
7.5
EPSS Score
0.13%
Published
2012-09-06
Updated
2013-08-16
Multiple SQL injection vulnerabilities in Joomla! 1.5.0 Beta allow remote attackers to execute arbitrary SQL commands via (1) the searchword parameter in certain files; the where parameter in (2) plugins/search/content.php or (3) plugins/search/weblinks.php; the text parameter in (4) plugins/search/contacts.php, (5) plugins/search/categories.php, or (6) plugins/search/sections.php; or (7) the email parameter in database/table/user.php, which is not properly handled by the check function.
Max CVSS
6.8
EPSS Score
1.00%
Published
2007-01-19
Updated
2018-10-16
SQL injection vulnerability in (1) Joomla! 1.0.11 and 1.5 Beta, and (2) Mambo 4.6.1, allows remote attackers to execute arbitrary SQL commands via the id parameter when cancelling content editing.
Max CVSS
7.5
EPSS Score
0.60%
Published
2007-01-19
Updated
2018-10-16
SQL injection vulnerability in models/category.php in the Weblinks component for Joomla! SVN 20070118 (com_weblinks) allows remote attackers to execute arbitrary SQL commands via the catid parameter.
Max CVSS
7.5
EPSS Score
0.41%
Published
2007-01-19
Updated
2018-10-16
SQL injection vulnerability in index.php in the RWCards (com_rwcards) 2.4.3 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter.
Max CVSS
7.5
EPSS Score
10.63%
Published
2007-03-27
Updated
2017-10-11
SQL injection vulnerability in index.php in the Car Manager (com_resman) 1.1 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter.
Max CVSS
7.5
EPSS Score
10.63%
Published
2007-03-27
Updated
2017-10-11
SQL injection vulnerability in index.php in the Pony Gallery (com_ponygallery) 1.5 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter.
Max CVSS
7.5
EPSS Score
0.44%
Published
2007-07-27
Updated
2017-09-29
SQL injection vulnerability in administrator/popups/pollwindow.php in Joomla! 1.0.12 allows remote attackers to execute arbitrary SQL commands via the pollid parameter.
Max CVSS
7.5
EPSS Score
0.29%
Published
2007-08-08
Updated
2018-10-15
SQL injection vulnerability in index.php in the BibTeX component (com_jombib) 1.3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the afilter parameter.
Max CVSS
7.5
EPSS Score
0.35%
Published
2007-08-23
Updated
2017-09-29
SQL injection vulnerability in index.php in the Nice Talk component (com_nicetalk) 0.9.3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the tagid parameter.
Max CVSS
7.5
EPSS Score
45.26%
Published
2007-08-23
Updated
2017-09-29
SQL injection vulnerability in index.php in the NeoRecruit component (com_neorecruit) 1.4 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an offer_view action.
Max CVSS
7.5
EPSS Score
45.26%
Published
2007-08-23
Updated
2017-09-29
SQL injection vulnerability in index.php in the EventList component (com_eventlist) 0.8 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the did parameter in a details action.
Max CVSS
7.5
EPSS Score
0.35%
Published
2007-08-23
Updated
2017-09-29
SQL injection vulnerability in Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, probably related to the archive section. NOTE: this may be the same as CVE-2007-4778.
Max CVSS
7.5
EPSS Score
0.31%
Published
2007-09-10
Updated
2018-10-15
Multiple SQL injection vulnerabilities in the content component (com_content) in Joomla! 1.5 Beta1, Beta2, and RC1 allow remote attackers to execute arbitrary SQL commands via the filter parameter in an archive action to (1) archive.php, (2) category.php, or (3) section.php in models/. NOTE: this may be the same as CVE-2007-4777.
Max CVSS
7.5
EPSS Score
0.28%
Published
2007-09-10
Updated
2017-07-29
Multiple SQL injection vulnerabilities in index.php in Joomla! 1.5 RC3 allow remote attackers to execute arbitrary SQL commands via (1) the view parameter to the com_content component, (2) the task parameter to the com_search component, or (3) the option parameter in a search action to the com_search component.
Max CVSS
7.5
EPSS Score
0.06%
Published
2007-12-07
Updated
2018-10-15
SQL injection vulnerability in index.php in the RSGallery (com_rsgallery) 2.0 beta 5 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an inline page action.
Max CVSS
7.5
EPSS Score
0.11%
Published
2007-12-15
Updated
2018-10-15
SQL injection vulnerability in index.php in the Newsletter (com_newsletter) component for Mambo 4.5 and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter.
Max CVSS
7.5
EPSS Score
0.06%
Published
2008-01-31
Updated
2017-09-29
SQL injection vulnerability in index.php in the MaMML (com_mamml) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter.
Max CVSS
7.5
EPSS Score
0.06%
Published
2008-01-31
Updated
2017-09-29
SQL injection vulnerability in index.php in the fq (com_fq) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter.
Max CVSS
7.5
EPSS Score
0.06%
Published
2008-01-31
Updated
2017-09-29
142 vulnerabilities found
1 2 3 4 5 6
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!