The language file parsing process could be manipulated to expose environment variables. Environment variables might contain sensitive information.
Max CVSS: 7.5 | EPSS Score: 0.09% | Published: 2023-11-29 | Updated: 2023-12-05
An issue was discovered in Joomla! 4.2.0 through 4.3.1. The lack of rate limiting allowed brute force attacks against MFA methods.
Max CVSS: 7.5 | EPSS Score: 0.09% | Published: 2023-05-30 | Updated: 2023-06-06
An issue was discovered in Joomla! 4.0.0 through 4.1.0. Under specific circumstances, JInput pollutes method-specific input bags with $_REQUEST data.
Max CVSS: 9.8 | EPSS Score: 0.20% | Published: 2022-03-30 | Updated: 2022-04-05
An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Inadequate filtering of the selected IDs in a request could result in a possible SQL injection.
Max CVSS: 9.8 | EPSS Score: 0.14% | Published: 2022-03-30 | Updated: 2022-04-05
An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0. A user row was not bound to a specific authentication mechanism, which could under very special circumstances allow an account takeover.
Max CVSS: 9.8 | EPSS Score: 0.20% | Published: 2022-03-30 | Updated: 2022-04-05
An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Extracting a specifically crafted tar package could write files outside of the intended path.
Max CVSS: 7.5 | EPSS Score: 0.20% | Published: 2022-03-30 | Updated: 2022-04-05
An issue was discovered in Joomla! 4.0.0. The media manager does not correctly check the user's permissions before executing a file deletion command.
Max CVSS: 9.1 | EPSS Score: 0.12% | Published: 2021-08-24 | Updated: 2021-08-31
An issue was discovered in Joomla! 2.5.0 through 3.9.27. The install action in com_installer lacks the required hardcoded ACL checks for superusers. A default system is not affected because the default ACL for com_installer is already limited to super users.
Max CVSS: 7.5 | EPSS Score: 0.08% | Published: 2021-07-07 | Updated: 2021-07-09
An issue was discovered in Joomla! 2.5.0 through 3.9.27. Missing validation of input could lead to a broken usergroups table.
Max CVSS: 7.5 | EPSS Score: 0.10% | Published: 2021-07-07 | Updated: 2021-07-09
An issue was discovered in Joomla! 3.0.0 through 3.9.24. com_media allowed paths that are not intended for image uploads.
Max CVSS: 7.5 | EPSS Score: 0.08% | Published: 2021-03-04 | Updated: 2021-03-05
An issue was discovered in Joomla! 3.2.0 through 3.9.24. Missing input validation within the template manager.
Max CVSS: 7.5 | EPSS Score: 0.10% | Published: 2021-03-04 | Updated: 2021-03-05
An issue was discovered in Joomla! 3.2.0 through 3.9.24. The core-shipped but unused randval implementation within FOF (FOFEncryptRandval) used a potentially insecure implementation. That has now been replaced with a call to 'random_bytes()' and its backport that is shipped within random_compat.
Max CVSS: 9.1 | EPSS Score: 0.22% | Published: 2021-03-04 | Updated: 2021-03-05
An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of an insufficient length for the 2FA secret according to RFC 4226: 10 bytes vs. 20 bytes.
Max CVSS: 9.1 | EPSS Score: 0.22% | Published: 2021-03-04 | Updated: 2021-03-05
An issue was discovered in Joomla! 1.7.0 through 3.9.22. Lack of input validation while handling ACL rulesets can cause write ACL violations.
Max CVSS: 7.5 | EPSS Score: 0.08% | Published: 2020-12-28 | Updated: 2020-12-30
An issue was discovered in Joomla! 3.0.0 through 3.9.22. Improper filter blacklist configuration leads to a SQL injection vulnerability in the backend user list.
Max CVSS: 9.8 | EPSS Score: 0.20% | Published: 2020-12-28 | Updated: 2020-12-30
An issue was discovered in Joomla! 2.5.0 through 3.9.22. The folder parameter of mod_random_image lacked input validation, leading to a path traversal vulnerability.
Max CVSS: 7.5 | EPSS Score: 0.28% | Published: 2020-12-28 | Updated: 2020-12-30
An issue was discovered in Joomla! 2.5.0 through 3.9.22. The global configuration page does not remove secrets from the HTML output, disclosing the current values.
Max CVSS: 7.5 | EPSS Score: 0.22% | Published: 2020-12-28 | Updated: 2020-12-30
An issue was discovered in Joomla! 2.5.0 through 3.9.22. The autosuggestion feature of com_finder did not respect the access level of the corresponding terms.
Max CVSS: 7.5 | EPSS Score: 0.22% | Published: 2020-12-28 | Updated: 2020-12-30
In Joomla! before 3.9.19, the default settings of the global textfilter configuration do not block HTML inputs for Guest users.
Max CVSS: 7.5 | EPSS Score: 0.08% | Published: 2020-06-02 | Updated: 2020-10-19
In Joomla! before 3.9.19, missing token checks in com_postinstall lead to CSRF.
Max CVSS: 8.8 | EPSS Score: 0.07% | Published: 2020-06-02 | Updated: 2020-10-19
An issue was discovered in Joomla! before 3.9.16. The lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Featured Articles frontend menutype.
Max CVSS: 9.8 | EPSS Score: 0.20% | Published: 2020-03-16 | Updated: 2020-03-18
An issue was discovered in Joomla! before 3.9.16. Missing token checks in the image actions of com_templates lead to CSRF.
Max CVSS: 8.8 | EPSS Score: 0.07% | Published: 2020-03-16 | Updated: 2020-03-18
An issue was discovered in Joomla! before 3.9.16. Incorrect Access Control in the SQL fieldtype of com_fields allows access for non-superadmin users.
Max CVSS: 8.8 | EPSS Score: 0.09% | Published: 2020-03-16 | Updated: 2021-07-21
An issue was discovered in Joomla! before 3.9.16. Various actions in com_templates lack the required ACL checks, leading to various potential attack vectors.
Max CVSS: 7.5 | EPSS Score: 0.22% | Published: 2020-03-16 | Updated: 2020-03-19
An issue was discovered in Joomla! before 3.9.15. A missing CSRF token check in the LESS compiler of com_templates causes a CSRF vulnerability.
Max CVSS: 8.8 | EPSS Score: 0.07% | Published: 2020-01-28 | Updated: 2020-02-07
94 vulnerabilities found