CVEdetails.com the ultimate security vulnerability data source

Joomla : Security Vulnerabilities Published In 2008

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 CVE-2008-5643 89 1 Exec Code Sql 2008-12-17 2009-01-29
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Books (com_books) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the book_id parameter in a book_details action to index.php.
2 CVE-2008-5208 89 1 Exec Code Sql 2008-11-24 2009-04-01
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in sub_votepic.php in the Datsogallery (com_datsogallery) module 1.6 for Joomla! allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header.
3 CVE-2008-5200 89 1 Exec Code Sql 2008-11-21 2009-08-20
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Xe webtv (com_xewebtv) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
4 CVE-2008-5053 94 2 Exec Code File Inclusion 2008-11-13 2012-11-05
10.0
None Remote Low Not required Complete Complete Complete
PHP remote file inclusion vulnerability in admin.rssreader.php in the Simple RSS Reader (com_rssreader) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
5 CVE-2008-4668 22 1 Dir. Trav. 2008-10-22 2009-01-29
9.0
None Remote Low Not required Complete Partial Partial
Directory traversal vulnerability in the Image Browser (com_imagebrowser) 0.1.5 component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder parameter to index.php.
6 CVE-2008-3681 264 1 2008-08-14 2009-02-06
7.5
None Remote Low Not required Partial Partial Partial
components/com_user/models/reset.php in Joomla! 1.5 through 1.5.5 does not properly validate reset tokens, which allows remote attackers to reset the "first enabled user (lowest id)" password, typically for the administrator.
7 CVE-2008-3586 89 1 Exec Code Sql 2008-08-11 2009-03-18
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the EZ Store (com_ezstore) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
8 CVE-2008-3265 89 1 Exec Code Sql 2008-07-24 2009-08-19
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in the DT Register (com_dtregister) 2.2.3 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the eventId parameter in a pay_options action to index.php.
9 CVE-2008-3132 89 1 Exec Code Sql 2008-07-10 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the beamospetition (com_beamospetition) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the pet parameter to index.php.
10 CVE-2008-3083 89 1 Exec Code Sql 2008-07-08 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Brightcode Weblinks (com_brightweblinks) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter.
11 CVE-2008-2990 94 1 Exec Code File Inclusion 2008-07-02 2009-01-29
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in facileforms.frame.php in the FacileForms (com_facileforms) component 1.4.4 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the ff_compath parameter.
12 CVE-2008-2892 89 1 Exec Code Sql 2008-06-27 2009-04-08
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the EXP Shop (com_expshop) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a show_payment action to index.php.
13 CVE-2008-2701 89 2 Exec Code Sql 2008-06-13 2009-04-08
6.8
User Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in the GameQ (com_gameq) component 4.0 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter in a page action to index.php.
14 CVE-2008-2692 89 1 Exec Code Sql 2008-06-13 2009-04-14
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the yvComment (com_yvcomment) component 1.16.0 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the ArticleID parameter in a comment action to index.php.
15 CVE-2008-2676 89 1 Exec Code Sql 2008-06-12 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the iJoomla News Portal (com_news_portal) component 1.0 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.
16 CVE-2008-2651 89 1 Exec Code Sql 2008-06-10 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Joomla! Bulletin Board (aka Joo!BB or com_joobb) component 0.5.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the forum parameter in a forum action to index.php.
17 CVE-2008-2643 89 1 Exec Code Sql 2008-06-10 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Bible Study (com_biblestudy) component before 6.0.7c for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a mediaplayer action to index.php.
18 CVE-2008-2633 89 2 Exec Code Sql 2008-06-09 2009-03-13
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in the EXP JoomRadio (com_joomradio) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) show_radio or (2) show_video action to index.php.
19 CVE-2008-2632 89 1 Exec Code Sql 2008-06-09 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the acctexp (com_acctexp) component 0.12.x and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the usage parameter in a subscribe action to index.php.
20 CVE-2008-2630 89 1 Exec Code Sql 2008-06-09 2009-04-08
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the JooBlog (com_jb2) component 0.1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter in a category action to index.php.
21 CVE-2008-2627 89 1 Exec Code Sql 2008-06-09 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the IDoBlog (com_idoblog) component b24 and earlier and 1.0, a component for Joomla!, allows remote attackers to execute arbitrary SQL commands via the userid parameter in a userblog action to index.php.
22 CVE-2008-2569 89 1 Exec Code Sql 2008-06-06 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the EasyBook (com_easybook) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gbid parameter in a deleteentry action to index.php.
23 CVE-2008-2568 89 1 Exec Code Sql 2008-06-06 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Simple Shop Galore (com_simpleshop) component 3.4 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a browse action to index.php.
24 CVE-2008-2564 89 1 Exec Code Sql 2008-06-06 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the JotLoader (com_jotloader) component 1.2.1.a and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter to index.php.
25 CVE-2008-2454 89 1 Exec Code Sql XSS 2008-05-27 2009-04-02
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the xsstream-dm (com_xsstream-dm) component 0.01 Beta for Joomla! allows remote attackers to execute arbitrary SQL commands via the movie parameter to index.php.
26 CVE-2008-2095 89 1 Exec Code Sql 2008-05-06 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in the FlippingBook (com_flippingbook) 1.0.4 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the book_id parameter.
27 CVE-2008-2093 89 1 Exec Code Sql 2008-05-06 2012-10-29
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Profiler (com_comprofiler) component in Community Builder for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the user parameter in a userProfile action to index.php.
28 CVE-2008-1935 89 1 Exec Code Sql 2008-04-25 2009-02-20
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Filiale 1.0.4 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the idFiliale parameter.
29 CVE-2008-1427 89 1 Exec Code Sql 2008-03-20 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Joobi Acajoom (com_acajoom) 1.1.5 and 1.2.5 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mailingid parameter in a mailing view action to index.php.
30 CVE-2008-1297 89 1 Exec Code Sql 2008-03-12 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in the eWriting (com_ewriting) 1.2.1 module for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a selectcat action.
31 CVE-2008-1137 89 1 Exec Code Sql 2008-03-04 2008-12-20
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Garys Cookbook (com_garyscookbook) 1.1.1 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
32 CVE-2008-0844 89 1 Exec Code Sql 2008-02-20 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in the PccookBook (com_pccookbook) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter.
33 CVE-2008-0842 89 1 Exec Code Sql 2008-02-20 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in the Classifier (com_clasifier) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
34 CVE-2008-0841 89 1 Exec Code Sql 2008-02-20 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in the Giorgio Nordo Ricette (com_ricette) 1.0 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter.
35 CVE-2008-0839 89 1 Exec Code Sql 2008-02-20 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in refer.php in the astatsPRO (com_astatspro) 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter.
36 CVE-2008-0833 89 1 Exec Code Sql 2008-02-20 2009-08-25
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in the com_galeria component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.
37 CVE-2008-0832 89 1 Exec Code Sql 2008-02-20 2009-08-25
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in the Kemas Antonius com_quran 1.1 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the surano parameter in a viewayat action.
38 CVE-2008-0831 89 1 Exec Code Sql 2008-02-20 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in the Rapid Recipe (com_rapidrecipe) 1.6.5 and earlier component for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) user_id or (2) category_id parameter. NOTE: this might overlap CVE-2008-0754.
39 CVE-2008-0829 89 1 Exec Code Sql 2008-02-19 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in jooget.php in the Joomlapixel Jooget! (com_jooget) 2.6.8 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail task.
40 CVE-2008-0802 89 1 Exec Code Sql 2008-02-15 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in the MediaSlide (com_mediaslide) 0.5 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the albumnum parameter in a contact action.
41 CVE-2008-0800 89 1 Exec Code Sql 2008-02-15 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in the McQuiz (com_mcquiz) 0.9 Final component for Joomla! allows remote attackers to execute arbitrary SQL commands via the tid parameter in a user_tst_shw action.
42 CVE-2008-0799 89 1 Exec Code Sql 2008-02-15 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in the Quiz (com_quiz) 0.81 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the tid parameter in a user_tst_shw action.
43 CVE-2008-0795 89 1 Exec Code Sql 2008-02-15 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in the MGFi XfaQ (com_xfaq) 1.2 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an answer action.
44 CVE-2008-0773 89 1 Exec Code Sql 2008-02-13 2009-08-25
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Phil Taylor Comments (com_comments, aka Review Script) 0.5.8.5g and earlier component for Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter.
45 CVE-2008-0772 89 1 Exec Code Sql 2008-02-13 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in the com_doc component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the sid parameter in a view task.
46 CVE-2008-0761 89 1 Exec Code Sql 2008-02-13 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in the Prince Clan Chess Club (com_pcchess) 0.8 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter in a players action.
47 CVE-2008-0752 89 1 Exec Code Sql 2008-02-13 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in the Neogallery (com_neogallery) 1.1 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a show action.
48 CVE-2008-0746 89 1 Exec Code Sql 2008-02-13 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in the Gallery (com_gallery) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.
49 CVE-2008-0690 89 1 Exec Code Sql 2008-02-11 2008-11-04
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in the mosDirectory (com_directory) 2.3.2 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a viewcat action.
50 CVE-2008-0689 89 1 Exec Code Sql 2008-02-11 2008-11-15
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in the Marketplace (com_marketplace) 1.1.1 and 1.1.1-pl1 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a show_category action.
Total number of vulnerabilities: 67. Page 1 of 2 (this page).