CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Joomla : Security Vulnerabilities Published In 2008

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2008-5671 94 Exec Code File Inclusion 2008-12-18 2009-08-19
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in index.php in Joomla! 1.0.11 through 1.0.14, when RG_EMULATION is enabled in configuration.php, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
2 CVE-2008-5643 89 1 Exec Code Sql 2008-12-17 2009-01-29
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Books (com_books) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the book_id parameter in a book_details action to index.php.
3 CVE-2008-5208 89 1 Exec Code Sql 2008-11-24 2009-04-01
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in sub_votepic.php in the Datsogallery (com_datsogallery) module 1.6 for Joomla! allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header.
4 CVE-2008-5200 89 1 Exec Code Sql 2008-11-21 2009-08-20
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Xe webtv (com_xewebtv) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
5 CVE-2008-5053 94 2 Exec Code File Inclusion 2008-11-13 2012-11-05
10.0
None Remote Low Not required Complete Complete Complete
PHP remote file inclusion vulnerability in admin.rssreader.php in the Simple RSS Reader (com_rssreader) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
6 CVE-2008-4777 89 Exec Code Sql 2008-10-29 2009-03-18
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Showroom Joomlearn LMS (com_lms) component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the cat parameter in a showTests task.
7 CVE-2008-4668 22 1 Dir. Trav. 2008-10-22 2009-01-29
9.0
None Remote Low Not required Complete Partial Partial
Directory traversal vulnerability in the Image Browser (com_imagebrowser) 0.1.5 component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder parameter to index.php.
8 CVE-2008-4122 310 2008-12-19 2009-01-29
5.0
None Remote Low Not required Partial None None
Joomla! 1.5.8 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
9 CVE-2008-4105 20 2008-09-18 2009-08-19
7.5
User Remote Low Not required Partial Partial Partial
JRequest in Joomla! 1.5 before 1.5.7 does not sanitize variables that were set with JRequest::setVar, which allows remote attackers to conduct "variable injection" attacks and have unspecified other impact.
10 CVE-2008-4104 59 2008-09-18 2009-08-19
5.8
None Remote Medium Not required None Partial Partial
Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a "passed in" URL.
11 CVE-2008-4103 20 2008-09-18 2009-08-19
5.0
None Remote Low Not required Partial None None
The mailto (aka com_mailto) component in Joomla! 1.5 before 1.5.7 sends e-mail messages without validating the URL, which allows remote attackers to transmit spam.
12 CVE-2008-4102 189 2008-09-18 2009-08-19
7.5
User Remote Low Not required Partial Partial Partial
Joomla! 1.5 before 1.5.7 initializes PHP's PRNG with a weak seed, which makes it easier for attackers to guess the pseudo-random values produced by PHP's mt_rand function, as demonstrated by guessing password reset tokens, a different vulnerability than CVE-2008-3681.
13 CVE-2008-3681 264 1 2008-08-14 2009-02-06
7.5
None Remote Low Not required Partial Partial Partial
components/com_user/models/reset.php in Joomla! 1.5 through 1.5.5 does not properly validate reset tokens, which allows remote attackers to reset the "first enabled user (lowest id)" password, typically for the administrator.
14 CVE-2008-3586 89 1 Exec Code Sql 2008-08-11 2009-03-18
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the EZ Store (com_ezstore) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
15 CVE-2008-3265 89 1 Exec Code Sql 2008-07-24 2009-08-19
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in the DT Register (com_dtregister) 2.2.3 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the eventId parameter in a pay_options action to index.php.
16 CVE-2008-3228 16 2008-07-18 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Joomla! before 1.5.4 does not configure .htaccess to apply certain security checks that "block common exploits" to SEF URLs, which has unknown impact and remote attack vectors.
17 CVE-2008-3227 59 2008-07-18 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Unspecified vulnerability in Joomla! before 1.5.4 has unknown impact and attack vectors related to a "User Redirect Spam fix," possibly an open redirect vulnerability.
18 CVE-2008-3226 264 2008-07-18 2009-06-09
5.0
None Remote Low Not required Partial None None
The file caching implementation in Joomla! before 1.5.4 allows attackers to access cached pages via unknown attack vectors.
19 CVE-2008-3225 264 2008-07-18 2009-06-09
10.0
None Remote Low Not required Complete Complete Complete
Joomla! before 1.5.4 allows attackers to access administration functionality, which has unknown impact and attack vectors related to a missing "LDAP security fix."
20 CVE-2008-3132 89 1 Exec Code Sql 2008-07-10 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the beamospetition (com_beamospetition) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the pet parameter to index.php.
21 CVE-2008-3083 89 1 Exec Code Sql 2008-07-08 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Brightcode Weblinks (com_brightweblinks) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter.
22 CVE-2008-2990 94 1 Exec Code File Inclusion 2008-07-02 2009-01-29
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in facileforms.frame.php in the FacileForms (com_facileforms) component 1.4.4 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the ff_compath parameter.
23 CVE-2008-2892 89 1 Exec Code Sql 2008-06-27 2009-04-08
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the EXP Shop (com_expshop) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a show_payment action to index.php.
24 CVE-2008-2701 89 2 Exec Code Sql 2008-06-13 2009-04-08
6.8
User Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in the GameQ (com_gameq) component 4.0 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter in a page action to index.php.
25 CVE-2008-2697 89 Exec Code Sql 2008-06-13 2009-04-14
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Rapid Recipe (com_rapidrecipe) component 1.6.6 and 1.6.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the recipe_id parameter in a viewrecipe action to index.php.
26 CVE-2008-2692 89 1 Exec Code Sql 2008-06-13 2009-04-14
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the yvComment (com_yvcomment) component 1.16.0 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the ArticleID parameter in a comment action to index.php.
27 CVE-2008-2676 89 1 Exec Code Sql 2008-06-12 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the iJoomla News Portal (com_news_portal) component 1.0 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.
28 CVE-2008-2651 89 1 Exec Code Sql 2008-06-10 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Joomla! Bulletin Board (aka Joo!BB or com_joobb) component 0.5.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the forum parameter in a forum action to index.php.
29 CVE-2008-2643 89 1 Exec Code Sql 2008-06-10 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Bible Study (com_biblestudy) component before 6.0.7c for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a mediaplayer action to index.php.
30 CVE-2008-2633 89 2 Exec Code Sql 2008-06-09 2009-03-13
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in the EXP JoomRadio (com_joomradio) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) show_radio or (2) show_video action to index.php.
31 CVE-2008-2632 89 1 Exec Code Sql 2008-06-09 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the acctexp (com_acctexp) component 0.12.x and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the usage parameter in a subscribe action to index.php.
32 CVE-2008-2630 89 1 Exec Code Sql 2008-06-09 2009-04-08
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the JooBlog (com_jb2) component 0.1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter in a category action to index.php.
33 CVE-2008-2627 89 1 Exec Code Sql 2008-06-09 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the IDoBlog (com_idoblog) component b24 and earlier and 1.0, a component for Joomla!, allows remote attackers to execute arbitrary SQL commands via the userid parameter in a userblog action to index.php.
34 CVE-2008-2569 89 1 Exec Code Sql 2008-06-06 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the EasyBook (com_easybook) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gbid parameter in a deleteentry action to index.php.
35 CVE-2008-2568 89 1 Exec Code Sql 2008-06-06 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Simple Shop Galore (com_simpleshop) component 3.4 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a browse action to index.php.
36 CVE-2008-2564 89 1 Exec Code Sql 2008-06-06 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the JotLoader (com_jotloader) component 1.2.1.a and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter to index.php.
37 CVE-2008-2454 89 1 Exec Code Sql XSS 2008-05-27 2009-04-02
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the xsstream-dm (com_xsstream-dm) component 0.01 Beta for Joomla! allows remote attackers to execute arbitrary SQL commands via the movie parameter to index.php.
38 CVE-2008-2095 89 1 Exec Code Sql 2008-05-06 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in the FlippingBook (com_flippingbook) 1.0.4 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the book_id parameter.
39 CVE-2008-2093 89 1 Exec Code Sql 2008-05-06 2012-10-29
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Profiler (com_comprofiler) component in Community Builder for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the user parameter in a userProfile action to index.php.
40 CVE-2008-1935 89 1 Exec Code Sql 2008-04-25 2009-02-20
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Filiale 1.0.4 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the idFiliale parameter.
41 CVE-2008-1540 89 Exec Code Sql 2008-03-28 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Datsogallery (com_datsogallery) 1.3.1 module for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
42 CVE-2008-1533 2008-03-27 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
Unspecified vulnerability in the XML-RPC Blogger API plugin in Joomla! 1.5 allows remote attackers to perform unauthorized article operations on articles via unknown vectors.
43 CVE-2008-1427 89 1 Exec Code Sql 2008-03-20 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Joobi Acajoom (com_acajoom) 1.1.5 and 1.2.5 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mailingid parameter in a mailing view action to index.php.
44 CVE-2008-1297 89 1 Exec Code Sql 2008-03-12 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in the eWriting (com_ewriting) 1.2.1 module for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a selectcat action.
45 CVE-2008-1137 89 1 Exec Code Sql 2008-03-04 2008-12-20
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Garys Cookbook (com_garyscookbook) 1.1.1 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
46 CVE-2008-0918 89 Exec Code Sql 2008-02-22 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in includes/count_dl_or_link.inc.php in the astatsPRO (com_astatspro) 1.0.1 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to getfile.php, a different vector than CVE-2008-0839. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
47 CVE-2008-0855 89 Exec Code Sql 2008-02-20 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Facile Forms (com_facileforms) component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
48 CVE-2008-0854 89 Exec Code Sql 2008-02-20 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the com_salesrep component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the rid parameter in a showrep action to index.php.
49 CVE-2008-0853 89 Exec Code Sql 2008-02-20 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the com_detail component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. NOTE: this issue might be site-specific. If so, it should not be included in CVE.
50 CVE-2008-0849 89 Exec Code Sql 2008-02-20 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in the Downloads (com_downloads) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a selectcat function, a different vector than CVE-2008-0652.
Total number of vulnerabilities : 96   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.