CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Joomla : Security Vulnerabilities (CVSS score between 7 and 7.99)

CVSS Scores Greater Than: 0   1   2   3   4   5   6   7   8   9  
Copy Results Download Results Select Table
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2012-2747 264 +Priv 2012-07-03 2012-07-04
7.5
 None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in Joomla! 2.5.x before 2.5.5 allows remote attackers to gain privileges via unknown attack vectors related to "Inadequate checking."
2 CVE-2012-1598 264 2012-12-03 2012-12-04
7.5
 None Remote Low Not required Partial Partial Partial
Joomla! 1.5.x before 1.5.26 has unspecified impact and attack vectors related to "insufficient randomness" and a "password reset vulnerability."
3 CVE-2012-1116 89 Exec Code Sql 2012-09-25 2012-10-15
7.5
 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Joomla! 1.7.x and 2.5.x before 2.5.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
4 CVE-2010-4945 89 3 Exec Code Sql 2011-10-09 2012-02-13
7.5
 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the CamelcityDB (com_camelcitydb2) component 2.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
5 CVE-2010-4944 89 1 Exec Code Sql 2011-10-09 2012-05-14
7.5
 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Elite Experts (com_elite_experts) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showExpertProfileDetailed action to index.php.
6 CVE-2010-4938 89 Exec Code Sql 2011-10-09 2012-05-14
7.5
 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Weblinks (com_weblinks) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a categories action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
7 CVE-2010-4696 89 Exec Code Sql 2011-01-18 2011-07-19
7.5
 None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 allow remote attackers to execute arbitrary SQL commands via the (1) filter_order or (2) filter_order_Dir parameter in a com_contact action to index.php, a different vulnerability than CVE-2010-4166. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
8 CVE-2010-4166 89 Exec Code Sql 2011-01-18 2011-07-19
7.5
 None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 allow remote attackers to execute arbitrary SQL commands via (1) the filter_order parameter in a com_weblinks category action to index.php, (2) the filter_order_Dir parameter in a com_weblinks category action to index.php, or (3) the filter_order_Dir parameter in a com_messages action to administrator/index.php.
9 CVE-2010-2681 94 1 Exec Code File Inclusion 2010-07-12 2010-07-12
7.5
 None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in the SEF404x (com_sef) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig.absolute.path parameter to index.php.
10 CVE-2010-2679 89 1 Exec Code Sql 2010-07-08 2010-07-16
7.5
 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Weblinks (com_weblinks) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.
11 CVE-2010-1739 89 2 Exec Code Sql 2010-05-06 2010-05-07
7.5
 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Newsfeeds (com_newsfeeds) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the feedid parameter in a categories action to index.php.
12 CVE-2010-0373 89 2 Exec Code Sql 2010-01-21 2010-01-22
7.5
 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the libros (com_libros) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
13 CVE-2009-4583 89 2 Exec Code Sql 2010-01-06 2010-01-07
7.5
 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the DhForum (com_dhforum) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a grouplist action to index.php.
14 CVE-2009-2239 89 1 Exec Code Sql 2009-06-27 2009-06-30
7.5
 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the (1) casinobase (com_casinobase), (2) casino_blackjack (com_casino_blackjack), and (3) casino_videopoker (com_casino_videopoker) components 0.3.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.
15 CVE-2009-2014 89 1 Exec Code Sql 2009-06-09 2009-07-21
7.5
 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the ComSchool (com_school) component 1.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the classid parameter in a showclass action to index.php.
16 CVE-2009-1736 89 1 Exec Code Sql 2009-05-20 2009-05-20
7.5
 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the GridSupport (GS) Ticket System (com_gsticketsystem) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a viewCategory action to index.php.
17 CVE-2009-1499 89 1 Exec Code Sql 2009-05-01 2009-05-20
7.5
 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the MailTo (aka com_mailto) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the article parameter in index.php. NOTE: SecurityFocus states that this issue has been disputed by the vendor.
18 CVE-2009-0421 89 1 Exec Code Sql 2009-02-04 2009-02-05
7.5
 User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Eventing (com_eventing) 1.6.x component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
19 CVE-2009-0379 89 1 Exec Code Sql 2009-02-02 2009-02-02
7.5
 User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Prince Clan Chess Club (com_pcchess) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the game_id parameter in a showgame action to index.php, a different vector than CVE-2008-0761.
20 CVE-2009-0377 89 1 Exec Code Sql 2009-02-02 2009-02-02
7.5
 User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the beamospetition (com_beamospetition) 1.0.12 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mpid parameter in a sign action to index.php, a different vector than CVE-2008-3132.
21 CVE-2009-0333 89 Exec Code Sql 2009-01-29 2009-01-29
7.5
 User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the WebAmoeba (WA) Ticket System (com_waticketsystem) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action to index.php.
22 CVE-2009-0329 89 1 Exec Code Sql 2009-01-29 2009-01-29
7.5
 User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the PcCookBook (com_pccookbook) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the recipe_id parameter in a viewrecipe action to index.php, a different vector than CVE-2008-0844.
23 CVE-2008-6923 89 1 Exec Code Sql 2009-08-10 2009-08-19
7.5
 User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the content component (com_content) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a blogcategory action to index.php.
24 CVE-2008-6852 89 1 Exec Code Sql 2009-07-07 2009-07-07
7.5
 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Ice Gallery (com_ice) component 0.5 beta 2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
25 CVE-2008-6430 89 1 Exec Code Sql 2009-03-06 2009-04-14
7.5
 User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the MyContent (com_mycontent) component 1.1.13 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.
26 CVE-2008-6234 89 1 Exec Code Sql 2009-02-20 2009-02-24
7.5
 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the com_musica module in Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
27 CVE-2008-6182 89 1 Exec Code Sql 2009-02-19 2011-01-20
7.5
 User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Ignite Gallery (com_ignitegallery) component 0.8.0 through 0.8.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gallery parameter in a view action to index.php.
28 CVE-2008-5811 89 1 Exec Code Sql 2009-01-02 2009-02-26
7.5
 User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the PaxGallery (com_paxgallery) component 0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gid parameter in a table action to index.php.
29 CVE-2008-5671 94 Exec Code File Inclusion 2008-12-18 2009-08-19
7.5
 User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in index.php in Joomla! 1.0.11 through 1.0.14, when RG_EMULATION is enabled in configuration.php, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
30 CVE-2008-5643 89 1 Exec Code Sql 2008-12-17 2009-01-29
7.5
 User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Books (com_books) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the book_id parameter in a book_details action to index.php.
31 CVE-2008-5208 89 1 Exec Code Sql 2008-11-24 2009-04-01
7.5
 User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in sub_votepic.php in the Datsogallery (com_datsogallery) module 1.6 for Joomla! allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header.
32 CVE-2008-5200 89 1 Exec Code Sql 2008-11-21 2009-08-20
7.5
 User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Xe webtv (com_xewebtv) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
33 CVE-2008-4777 89 Exec Code Sql 2008-10-29 2009-03-18
7.5
 User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Showroom Joomlearn LMS (com_lms) component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the cat parameter in a showTests task.
34 CVE-2008-4105 20 2008-09-18 2009-08-19
7.5
 User Remote Low Not required Partial Partial Partial
JRequest in Joomla! 1.5 before 1.5.7 does not sanitize variables that were set with JRequest::setVar, which allows remote attackers to conduct "variable injection" attacks and have unspecified other impact.
35 CVE-2008-4102 189 2008-09-18 2009-08-19
7.5
 User Remote Low Not required Partial Partial Partial
Joomla! 1.5 before 1.5.7 initializes PHP's PRNG with a weak seed, which makes it easier for attackers to guess the pseudo-random values produced by PHP's mt_rand function, as demonstrated by guessing password reset tokens, a different vulnerability than CVE-2008-3681.
36 CVE-2008-3681 264 1 2008-08-14 2009-02-06
7.5
 None Remote Low Not required Partial Partial Partial
components/com_user/models/reset.php in Joomla! 1.5 through 1.5.5 does not properly validate reset tokens, which allows remote attackers to reset the "first enabled user (lowest id)" password, typically for the administrator.
37 CVE-2008-3586 89 1 Exec Code Sql 2008-08-11 2009-03-18
7.5
 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the EZ Store (com_ezstore) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
38 CVE-2008-3228 16 2008-07-18 2008-09-10
7.5
 User Remote Low Not required Partial Partial Partial
Joomla! before 1.5.4 does not configure .htaccess to apply certain security checks that "block common exploits" to SEF URLs, which has unknown impact and remote attack vectors.
39 CVE-2008-3227 59 2008-07-18 2008-09-10
7.5
 User Remote Low Not required Partial Partial Partial
Unspecified vulnerability in Joomla! before 1.5.4 has unknown impact and attack vectors related to a "User Redirect Spam fix," possibly an open redirect vulnerability.
40 CVE-2008-3132 89 1 Exec Code Sql 2008-07-10 2008-09-05
7.5
 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the beamospetition (com_beamospetition) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the pet parameter to index.php.
41 CVE-2008-3083 89 1 Exec Code Sql 2008-07-08 2008-09-10
7.5
 User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Brightcode Weblinks (com_brightweblinks) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter.
42 CVE-2008-2990 94 1 Exec Code File Inclusion 2008-07-02 2009-01-29
7.5
 None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in facileforms.frame.php in the FacileForms (com_facileforms) component 1.4.4 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the ff_compath parameter.
43 CVE-2008-2892 89 1 Exec Code Sql 2008-06-27 2009-04-08
7.5
 User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the EXP Shop (com_expshop) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a show_payment action to index.php.
44 CVE-2008-2697 89 Exec Code Sql 2008-06-13 2009-04-14
7.5
 User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Rapid Recipe (com_rapidrecipe) component 1.6.6 and 1.6.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the recipe_id parameter in a viewrecipe action to index.php.
45 CVE-2008-2692 89 1 Exec Code Sql 2008-06-13 2009-04-14
7.5
 User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the yvComment (com_yvcomment) component 1.16.0 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the ArticleID parameter in a comment action to index.php.
46 CVE-2008-2676 89 1 Exec Code Sql 2008-06-12 2008-09-05
7.5
 User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the iJoomla News Portal (com_news_portal) component 1.0 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.
47 CVE-2008-2651 89 1 Exec Code Sql 2008-06-10 2008-09-05
7.5
 User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Joomla! Bulletin Board (aka Joo!BB or com_joobb) component 0.5.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the forum parameter in a forum action to index.php.
48 CVE-2008-2643 89 1 Exec Code Sql 2008-06-10 2008-09-05
7.5
 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Bible Study (com_biblestudy) component before 6.0.7c for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a mediaplayer action to index.php.
49 CVE-2008-2633 89 2 Exec Code Sql 2008-06-09 2009-03-13
7.5
 None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in the EXP JoomRadio (com_joomradio) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) show_radio or (2) show_video action to index.php.
50 CVE-2008-2632 89 1 Exec Code Sql 2008-06-09 2008-09-05
7.5
 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the acctexp (com_acctexp) component 0.12.x and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the usage parameter in a subscribe action to index.php.
Total number of vulnerabilities : 164   Page : 1 (This Page)2 3 4
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.