CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Joomla : Security Vulnerabilities Published In 2008 (Execute Code)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2008-5671 94 Exec Code File Inclusion 2008-12-18 2009-08-19
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in index.php in Joomla! 1.0.11 through 1.0.14, when RG_EMULATION is enabled in configuration.php, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
2 CVE-2008-5643 89 1 Exec Code Sql 2008-12-17 2009-01-29
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Books (com_books) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the book_id parameter in a book_details action to index.php.
3 CVE-2008-5208 89 1 Exec Code Sql 2008-11-24 2009-04-01
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in sub_votepic.php in the Datsogallery (com_datsogallery) module 1.6 for Joomla! allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header.
4 CVE-2008-5200 89 1 Exec Code Sql 2008-11-21 2009-08-20
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Xe webtv (com_xewebtv) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
5 CVE-2008-5053 94 2 Exec Code File Inclusion 2008-11-13 2012-11-05
10.0
None Remote Low Not required Complete Complete Complete
PHP remote file inclusion vulnerability in admin.rssreader.php in the Simple RSS Reader (com_rssreader) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
6 CVE-2008-4777 89 Exec Code Sql 2008-10-29 2009-03-18
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Showroom Joomlearn LMS (com_lms) component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the cat parameter in a showTests task.
7 CVE-2008-3586 89 1 Exec Code Sql 2008-08-11 2009-03-18
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the EZ Store (com_ezstore) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
8 CVE-2008-3265 89 1 Exec Code Sql 2008-07-24 2009-08-19
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in the DT Register (com_dtregister) 2.2.3 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the eventId parameter in a pay_options action to index.php.
9 CVE-2008-3132 89 1 Exec Code Sql 2008-07-10 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the beamospetition (com_beamospetition) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the pet parameter to index.php.
10 CVE-2008-3083 89 1 Exec Code Sql 2008-07-08 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Brightcode Weblinks (com_brightweblinks) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter.
11 CVE-2008-2990 94 1 Exec Code File Inclusion 2008-07-02 2009-01-29
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in facileforms.frame.php in the FacileForms (com_facileforms) component 1.4.4 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the ff_compath parameter.
12 CVE-2008-2892 89 1 Exec Code Sql 2008-06-27 2009-04-08
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the EXP Shop (com_expshop) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a show_payment action to index.php.
13 CVE-2008-2701 89 2 Exec Code Sql 2008-06-13 2009-04-08
6.8
User Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in the GameQ (com_gameq) component 4.0 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter in a page action to index.php.
14 CVE-2008-2697 89 Exec Code Sql 2008-06-13 2009-04-14
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Rapid Recipe (com_rapidrecipe) component 1.6.6 and 1.6.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the recipe_id parameter in a viewrecipe action to index.php.
15 CVE-2008-2692 89 1 Exec Code Sql 2008-06-13 2009-04-14
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the yvComment (com_yvcomment) component 1.16.0 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the ArticleID parameter in a comment action to index.php.
16 CVE-2008-2676 89 1 Exec Code Sql 2008-06-12 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the iJoomla News Portal (com_news_portal) component 1.0 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.
17 CVE-2008-2651 89 1 Exec Code Sql 2008-06-10 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Joomla! Bulletin Board (aka Joo!BB or com_joobb) component 0.5.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the forum parameter in a forum action to index.php.
18 CVE-2008-2643 89 1 Exec Code Sql 2008-06-10 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Bible Study (com_biblestudy) component before 6.0.7c for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a mediaplayer action to index.php.
19 CVE-2008-2633 89 2 Exec Code Sql 2008-06-09 2009-03-13
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in the EXP JoomRadio (com_joomradio) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) show_radio or (2) show_video action to index.php.
20 CVE-2008-2632 89 1 Exec Code Sql 2008-06-09 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the acctexp (com_acctexp) component 0.12.x and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the usage parameter in a subscribe action to index.php.
21 CVE-2008-2630 89 1 Exec Code Sql 2008-06-09 2009-04-08
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the JooBlog (com_jb2) component 0.1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter in a category action to index.php.
22 CVE-2008-2627 89 1 Exec Code Sql 2008-06-09 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the IDoBlog (com_idoblog) component b24 and earlier and 1.0, a component for Joomla!, allows remote attackers to execute arbitrary SQL commands via the userid parameter in a userblog action to index.php.
23 CVE-2008-2569 89 1 Exec Code Sql 2008-06-06 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the EasyBook (com_easybook) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gbid parameter in a deleteentry action to index.php.
24 CVE-2008-2568 89 1 Exec Code Sql 2008-06-06 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Simple Shop Galore (com_simpleshop) component 3.4 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a browse action to index.php.
25 CVE-2008-2564 89 1 Exec Code Sql 2008-06-06 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the JotLoader (com_jotloader) component 1.2.1.a and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter to index.php.
26 CVE-2008-2454 89 1 Exec Code Sql XSS 2008-05-27 2009-04-02
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the xsstream-dm (com_xsstream-dm) component 0.01 Beta for Joomla! allows remote attackers to execute arbitrary SQL commands via the movie parameter to index.php.
27 CVE-2008-2095 89 1 Exec Code Sql 2008-05-06 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in the FlippingBook (com_flippingbook) 1.0.4 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the book_id parameter.
28 CVE-2008-2093 89 1 Exec Code Sql 2008-05-06 2012-10-29
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Profiler (com_comprofiler) component in Community Builder for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the user parameter in a userProfile action to index.php.
29 CVE-2008-1935 89 1 Exec Code Sql 2008-04-25 2009-02-20
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Filiale 1.0.4 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the idFiliale parameter.
30 CVE-2008-1540 89 Exec Code Sql 2008-03-28 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Datsogallery (com_datsogallery) 1.3.1 module for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
31 CVE-2008-1427 89 1 Exec Code Sql 2008-03-20 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Joobi Acajoom (com_acajoom) 1.1.5 and 1.2.5 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mailingid parameter in a mailing view action to index.php.
32 CVE-2008-1297 89 1 Exec Code Sql 2008-03-12 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in the eWriting (com_ewriting) 1.2.1 module for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a selectcat action.
33 CVE-2008-1137 89 1 Exec Code Sql 2008-03-04 2008-12-20
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Garys Cookbook (com_garyscookbook) 1.1.1 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
34 CVE-2008-0918 89 Exec Code Sql 2008-02-22 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in includes/count_dl_or_link.inc.php in the astatsPRO (com_astatspro) 1.0.1 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to getfile.php, a different vector than CVE-2008-0839. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
35 CVE-2008-0855 89 Exec Code Sql 2008-02-20 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Facile Forms (com_facileforms) component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
36 CVE-2008-0854 89 Exec Code Sql 2008-02-20 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the com_salesrep component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the rid parameter in a showrep action to index.php.
37 CVE-2008-0853 89 Exec Code Sql 2008-02-20 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the com_detail component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. NOTE: this issue might be site-specific. If so, it should not be included in CVE.
38 CVE-2008-0849 89 Exec Code Sql 2008-02-20 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in the Downloads (com_downloads) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a selectcat function, a different vector than CVE-2008-0652.
39 CVE-2008-0846 89 Exec Code Sql 2008-02-20 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in the com_profile component for Joomla! allows remote attackers to execute arbitrary SQL commands via the oid parameter.
40 CVE-2008-0844 89 1 Exec Code Sql 2008-02-20 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in the PccookBook (com_pccookbook) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter.
41 CVE-2008-0842 89 1 Exec Code Sql 2008-02-20 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in the Classifier (com_clasifier) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
42 CVE-2008-0841 89 1 Exec Code Sql 2008-02-20 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in the Giorgio Nordo Ricette (com_ricette) 1.0 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter.
43 CVE-2008-0839 89 1 Exec Code Sql 2008-02-20 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in refer.php in the astatsPRO (com_astatspro) 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter.
44 CVE-2008-0833 89 1 Exec Code Sql 2008-02-20 2009-08-25
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in the com_galeria component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.
45 CVE-2008-0832 89 1 Exec Code Sql 2008-02-20 2009-08-25
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in the Kemas Antonius com_quran 1.1 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the surano parameter in a viewayat action.
46 CVE-2008-0831 89 1 Exec Code Sql 2008-02-20 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in the Rapid Recipe (com_rapidrecipe) 1.6.5 and earlier component for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) user_id or (2) category_id parameter. NOTE: this might overlap CVE-2008-0754.
47 CVE-2008-0829 89 1 Exec Code Sql 2008-02-19 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in jooget.php in the Joomlapixel Jooget! (com_jooget) 2.6.8 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail task.
48 CVE-2008-0817 89 Exec Code Sql 2008-02-18 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the com_filebase component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the filecatid parameter in a selectfolder action.
49 CVE-2008-0815 89 Exec Code Sql 2008-02-18 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the com_mezun component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit task.
50 CVE-2008-0810 89 Exec Code Sql 2008-02-18 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the com_scheduling module for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter.
Total number of vulnerabilities : 80   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.