CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Joomla : Security Vulnerabilities Published In 2009 (Execute Code)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2009-2239 89 1 Exec Code Sql 2009-06-27 2009-06-30
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the (1) casinobase (com_casinobase), (2) casino_blackjack (com_casino_blackjack), and (3) casino_videopoker (com_casino_videopoker) components 0.3.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.
2 CVE-2009-2014 89 1 Exec Code Sql 2009-06-09 2009-07-21
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the ComSchool (com_school) component 1.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the classid parameter in a showclass action to index.php.
3 CVE-2009-1736 89 1 Exec Code Sql 2009-05-20 2009-05-20
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the GridSupport (GS) Ticket System (com_gsticketsystem) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a viewCategory action to index.php.
4 CVE-2009-1499 89 1 Exec Code Sql 2009-05-01 2009-05-20
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the MailTo (aka com_mailto) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the article parameter in index.php. NOTE: SecurityFocus states that this issue has been disputed by the vendor.
5 CVE-2009-0421 89 1 Exec Code Sql 2009-02-04 2009-02-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Eventing (com_eventing) 1.6.x component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
6 CVE-2009-0379 89 1 Exec Code Sql 2009-02-02 2009-02-02
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Prince Clan Chess Club (com_pcchess) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the game_id parameter in a showgame action to index.php, a different vector than CVE-2008-0761.
7 CVE-2009-0377 89 1 Exec Code Sql 2009-02-02 2009-02-02
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the beamospetition (com_beamospetition) 1.0.12 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mpid parameter in a sign action to index.php, a different vector than CVE-2008-3132.
8 CVE-2009-0333 89 Exec Code Sql 2009-01-29 2009-01-29
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the WebAmoeba (WA) Ticket System (com_waticketsystem) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action to index.php.
9 CVE-2009-0329 89 1 Exec Code Sql 2009-01-29 2009-01-29
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the PcCookBook (com_pccookbook) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the recipe_id parameter in a viewrecipe action to index.php, a different vector than CVE-2008-0844.
10 CVE-2008-6923 89 1 Exec Code Sql 2009-08-10 2009-08-19
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the content component (com_content) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a blogcategory action to index.php.
11 CVE-2008-6852 89 1 Exec Code Sql 2009-07-07 2009-07-07
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Ice Gallery (com_ice) component 0.5 beta 2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
12 CVE-2008-6430 89 1 Exec Code Sql 2009-03-06 2009-04-14
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the MyContent (com_mycontent) component 1.1.13 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.
13 CVE-2008-6234 89 1 Exec Code Sql 2009-02-20 2009-02-24
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the com_musica module in Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
14 CVE-2008-6182 89 1 Exec Code Sql 2009-02-19 2011-01-20
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Ignite Gallery (com_ignitegallery) component 0.8.0 through 0.8.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gallery parameter in a view action to index.php.
15 CVE-2008-5811 89 1 Exec Code Sql 2009-01-02 2009-02-26
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the PaxGallery (com_paxgallery) component 0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gid parameter in a table action to index.php.
Total number of vulnerabilities : 15   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.