CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Joomla : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2014-0794 79 1 XSS 2014-01-26 2014-02-24
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in JV Comment (com_jvcomment) 3.0.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the id parameter in a comment.like action.
2 CVE-2013-5576 20 1 Bypass 2013-10-09 2013-11-30
6.8
None Remote Medium Not required Partial Partial Partial
administrator/components/com_media/helpers/media.php in the media manager in Joomla! 2.5.x before 2.5.14 and 3.x before 3.1.5 allows remote authenticated users or remote attackers to bypass intended access restrictions and upload files with dangerous extensions via a filename with a trailing . (dot), as exploited in the wild in August 2013.
3 CVE-2013-3242 20 1 DoS 2013-05-03 2014-03-07
5.5
None Remote Low Single system None Partial Partial
plugins/system/remember/remember.php in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 does not properly handle an object obtained by unserializing a cookie, which allows remote authenticated users to conduct PHP object injection attacks and cause a denial of service via unspecified vectors.
4 CVE-2012-3829 200 1 +Info 2012-07-03 2012-07-17
5.0
None Remote Low Not required Partial None None
Joomla! 2.5.3 allows remote attackers to obtain the installation path via the Host HTTP Header.
5 CVE-2012-3828 79 1 XSS 2012-07-03 2012-07-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Joomla! 2.5.3 allows remote attackers to inject arbitrary web script or HTML via the Host HTTP Header.
6 CVE-2011-0005 79 1 XSS 2011-01-10 2011-01-19
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the com_search module for Joomla! 1.0.x through 1.0.15 allows remote attackers to inject arbitrary web script or HTML via the ordering parameter to index.php.
7 CVE-2010-4945 89 3 Exec Code Sql 2011-10-09 2012-02-13
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the CamelcityDB (com_camelcitydb2) component 2.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
8 CVE-2010-4944 89 1 Exec Code Sql 2011-10-09 2012-05-14
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Elite Experts (com_elite_experts) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showExpertProfileDetailed action to index.php.
9 CVE-2010-2681 94 1 Exec Code File Inclusion 2010-07-12 2010-07-12
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in the SEF404x (com_sef) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig.absolute.path parameter to index.php.
10 CVE-2010-2679 89 1 Exec Code Sql 2010-07-08 2010-07-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Weblinks (com_weblinks) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.
11 CVE-2010-1739 89 2 Exec Code Sql 2010-05-06 2010-05-07
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Newsfeeds (com_newsfeeds) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the feedid parameter in a categories action to index.php.
12 CVE-2010-0461 89 2 Exec Code Sql 2010-01-28 2010-01-31
6.5
User Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the casino (com_casino) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a (1) category or (2) player action to index.php.
13 CVE-2010-0373 89 2 Exec Code Sql 2010-01-21 2010-01-22
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the libros (com_libros) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
14 CVE-2009-4583 89 2 Exec Code Sql 2010-01-06 2010-01-07
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the DhForum (com_dhforum) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a grouplist action to index.php.
15 CVE-2009-4579 79 2 XSS 2010-01-06 2010-01-07
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Artist avenue (com_artistavenue) component for Joomla! and Mambo allows remote attackers to inject arbitrary web script or HTML via the Itemid parameter to index.php.
16 CVE-2009-2239 89 1 Exec Code Sql 2009-06-27 2009-06-30
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the (1) casinobase (com_casinobase), (2) casino_blackjack (com_casino_blackjack), and (3) casino_videopoker (com_casino_videopoker) components 0.3.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.
17 CVE-2009-2014 89 1 Exec Code Sql 2009-06-09 2009-07-21
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the ComSchool (com_school) component 1.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the classid parameter in a showclass action to index.php.
18 CVE-2009-1736 89 1 Exec Code Sql 2009-05-20 2009-05-20
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the GridSupport (GS) Ticket System (com_gsticketsystem) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a viewCategory action to index.php.
19 CVE-2009-1499 89 1 Exec Code Sql 2009-05-01 2009-05-20
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the MailTo (aka com_mailto) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the article parameter in index.php. NOTE: SecurityFocus states that this issue has been disputed by the vendor.
20 CVE-2009-0421 89 1 Exec Code Sql 2009-02-04 2009-02-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Eventing (com_eventing) 1.6.x component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
21 CVE-2009-0379 89 1 Exec Code Sql 2009-02-02 2009-02-02
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Prince Clan Chess Club (com_pcchess) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the game_id parameter in a showgame action to index.php, a different vector than CVE-2008-0761.
22 CVE-2009-0378 79 1 XSS 2009-02-02 2009-02-02
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in the beamospetition (com_beamospetition) 1.0.12 component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the pet parameter in a sign action.
23 CVE-2009-0377 89 1 Exec Code Sql 2009-02-02 2009-02-02
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the beamospetition (com_beamospetition) 1.0.12 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mpid parameter in a sign action to index.php, a different vector than CVE-2008-3132.
24 CVE-2009-0329 89 1 Exec Code Sql 2009-01-29 2009-01-29
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the PcCookBook (com_pccookbook) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the recipe_id parameter in a viewrecipe action to index.php, a different vector than CVE-2008-0844.
25 CVE-2009-0113 22 1 Dir. Trav. 2009-01-09 2009-01-29
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in attachmentlibrary.php in the XStandard component for Joomla! 1.5.8 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the X_CMS_LIBRARY_PATH HTTP header.
26 CVE-2008-6923 89 1 Exec Code Sql 2009-08-10 2009-08-19
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the content component (com_content) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a blogcategory action to index.php.
27 CVE-2008-6852 89 1 Exec Code Sql 2009-07-07 2009-07-07
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Ice Gallery (com_ice) component 0.5 beta 2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
28 CVE-2008-6430 89 1 Exec Code Sql 2009-03-06 2009-04-14
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the MyContent (com_mycontent) component 1.1.13 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.
29 CVE-2008-6234 89 1 Exec Code Sql 2009-02-20 2009-02-24
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the com_musica module in Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
30 CVE-2008-6182 89 1 Exec Code Sql 2009-02-19 2011-01-20
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Ignite Gallery (com_ignitegallery) component 0.8.0 through 0.8.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gallery parameter in a view action to index.php.
31 CVE-2008-5811 89 1 Exec Code Sql 2009-01-02 2009-02-26
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the PaxGallery (com_paxgallery) component 0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gid parameter in a table action to index.php.
32 CVE-2008-5643 89 1 Exec Code Sql 2008-12-17 2009-01-29
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Books (com_books) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the book_id parameter in a book_details action to index.php.
33 CVE-2008-5208 89 1 Exec Code Sql 2008-11-24 2009-04-01
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in sub_votepic.php in the Datsogallery (com_datsogallery) module 1.6 for Joomla! allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header.
34 CVE-2008-5200 89 1 Exec Code Sql 2008-11-21 2009-08-20
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Xe webtv (com_xewebtv) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
35 CVE-2008-5053 94 2 Exec Code File Inclusion 2008-11-13 2012-11-05
10.0
None Remote Low Not required Complete Complete Complete
PHP remote file inclusion vulnerability in admin.rssreader.php in the Simple RSS Reader (com_rssreader) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
36 CVE-2008-4668 22 1 Dir. Trav. 2008-10-22 2009-01-29
9.0
None Remote Low Not required Complete Partial Partial
Directory traversal vulnerability in the Image Browser (com_imagebrowser) 0.1.5 component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder parameter to index.php.
37 CVE-2008-3681 264 1 2008-08-14 2009-02-06
7.5
None Remote Low Not required Partial Partial Partial
components/com_user/models/reset.php in Joomla! 1.5 through 1.5.5 does not properly validate reset tokens, which allows remote attackers to reset the "first enabled user (lowest id)" password, typically for the administrator.
38 CVE-2008-3586 89 1 Exec Code Sql 2008-08-11 2009-03-18
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the EZ Store (com_ezstore) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
39 CVE-2008-3265 89 1 Exec Code Sql 2008-07-24 2009-08-19
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in the DT Register (com_dtregister) 2.2.3 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the eventId parameter in a pay_options action to index.php.
40 CVE-2008-3132 89 1 Exec Code Sql 2008-07-10 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the beamospetition (com_beamospetition) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the pet parameter to index.php.
41 CVE-2008-3083 89 1 Exec Code Sql 2008-07-08 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Brightcode Weblinks (com_brightweblinks) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter.
42 CVE-2008-2990 94 1 Exec Code File Inclusion 2008-07-02 2009-01-29
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in facileforms.frame.php in the FacileForms (com_facileforms) component 1.4.4 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the ff_compath parameter.
43 CVE-2008-2892 89 1 Exec Code Sql 2008-06-27 2009-04-08
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the EXP Shop (com_expshop) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a show_payment action to index.php.
44 CVE-2008-2701 89 2 Exec Code Sql 2008-06-13 2009-04-08
6.8
User Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in the GameQ (com_gameq) component 4.0 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter in a page action to index.php.
45 CVE-2008-2692 89 1 Exec Code Sql 2008-06-13 2009-04-14
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the yvComment (com_yvcomment) component 1.16.0 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the ArticleID parameter in a comment action to index.php.
46 CVE-2008-2676 89 1 Exec Code Sql 2008-06-12 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the iJoomla News Portal (com_news_portal) component 1.0 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.
47 CVE-2008-2651 89 1 Exec Code Sql 2008-06-10 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Joomla! Bulletin Board (aka Joo!BB or com_joobb) component 0.5.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the forum parameter in a forum action to index.php.
48 CVE-2008-2643 89 1 Exec Code Sql 2008-06-10 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Bible Study (com_biblestudy) component before 6.0.7c for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a mediaplayer action to index.php.
49 CVE-2008-2633 89 2 Exec Code Sql 2008-06-09 2009-03-13
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in the EXP JoomRadio (com_joomradio) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) show_radio or (2) show_video action to index.php.
50 CVE-2008-2632 89 1 Exec Code Sql 2008-06-09 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the acctexp (com_acctexp) component 0.12.x and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the usage parameter in a subscribe action to index.php.
Total number of vulnerabilities : 122   Page : 1 (This Page)2 3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.