Multiple unspecified vulnerabilities in the (1) publishing component, (2) Contact Component, (3) TinyMCE Compressor, and (4) other components in Joomla! 1.0.5 and earlier have unknown impact and attack vectors.
Max CVSS
10.0
EPSS Score
0.21%
Published
2006-01-19
Updated
2008-09-05
Unspecified vulnerability in the "Remember Me login functionality" in Joomla! 1.0.7 and earlier has unknown impact and attack vectors.
Max CVSS
10.0
EPSS Score
0.19%
Published
2006-03-07
Updated
2008-09-05
Unspecified vulnerability in JoomlaLib (com_joomlalib) before 1.2.2 for Joomla! allows remote attackers to have an unknown impact, related to "Joomla globals hacked by script kiddies."
Max CVSS
10.0
EPSS Score
0.36%
Published
2006-09-26
Updated
2008-09-05
feedcreator.class.php (aka the syndication component) in Joomla! 1.0.7 allows remote attackers to cause a denial of service (stressed file cache) by creating many files via filenames in the feed parameter to index.php.
Max CVSS
7.8
EPSS Score
1.83%
Published
2006-03-07
Updated
2018-10-18
Multiple SQL injection vulnerabilities in the Admin functionality in Joomla! 1.0.7 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via unknown attack vectors.
Max CVSS
7.5
EPSS Score
0.17%
Published
2006-03-07
Updated
2011-09-08
PHP remote file inclusion vulnerability in includes/joomla.php in Joomla! 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the includepath parameter.
Max CVSS
7.5
EPSS Score
1.57%
Published
2006-06-12
Updated
2018-10-18
Multiple SQL injection vulnerabilities in Joomla! before 1.0.10 allow remote attackers to execute arbitrary SQL commands via unspecified parameters involving the (1) "Remember Me" function, (2) "Related Items" module, and the (3) "Weblinks submission".
Max CVSS
7.5
EPSS Score
0.86%
Published
2006-07-10
Updated
2017-07-20
PHP remote file inclusion vulnerability in administrator/components/com_colophon/admin.colophon.php in Colophon 1.2 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
Max CVSS
7.5
EPSS Score
14.88%
Published
2006-08-01
Updated
2017-10-19
PHP remote file inclusion vulnerability in lmo.php in the LMO Component (com_lmo) 1.0b2 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
Max CVSS
7.5
EPSS Score
9.71%
Published
2006-08-01
Updated
2017-10-19
PHP remote file inclusion vulnerability in admin.webring.docs.php in the Webring Component (com_webring) 1.0 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the component_dir parameter.
Max CVSS
7.5
EPSS Score
46.22%
Published
2006-08-14
Updated
2018-10-17
PHP remote file inclusion vulnerability in archive.php in the mosListMessenger Component (com_lm) before 20060719 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
Max CVSS
7.5
EPSS Score
2.16%
Published
2006-08-18
Updated
2018-10-17
PHP remote file inclusion vulnerability in admin.x-shop.php in the x-shop component (com_x-shop) 1.7 and earlier for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this issue has been disputed by third party researchers, stating that there is no mosConfig_absolute_path parameter and no admin.x-shop.php file in the reported package
Max CVSS
7.5
EPSS Score
1.53%
Published
2006-08-21
Updated
2024-03-21
Multiple PHP remote file inclusion vulnerabilities in the Rssxt component for Joomla! (com_rssxt), possibly 2.0 Beta 1 or 1.0 and earlier, allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) pinger.php, (2) RPC.php, or (3) rssxt.php. NOTE: another researcher has disputed this issue, saying that the attacker can not control this parameter. In addition, as of 20060825, the original researcher has appeared to be unreliable with some other past reports. CVE has not performed any followup analysis with respect to this issue
Max CVSS
7.5
EPSS Score
1.57%
Published
2006-08-26
Updated
2024-03-21
Unspecified vulnerability in PEAR.php in Joomla! before 1.0.11 allows remote attackers to perform "remote execution," related to "Injection Flaws."
Max CVSS
7.5
EPSS Score
6.94%
Published
2006-08-31
Updated
2021-10-01
Joomla! before 1.0.11 omits some checks for whether _VALID_MOS is defined, which allows attackers to have an unknown impact, possibly resulting in PHP remote file inclusion.
Max CVSS
7.5
EPSS Score
1.02%
Published
2006-08-31
Updated
2021-10-01
Multiple unspecified vulnerabilities in Joomla! before 1.0.11 allow attackers to bypass user authentication via unknown vectors involving the (1) do_pdf command and the (2) emailform com_content task.
Max CVSS
7.5
EPSS Score
0.33%
Published
2006-08-31
Updated
2021-10-01
Joomla! before 1.0.11 does not limit access to the Admin Popups functionality, which has unknown impact and attack vectors.
Max CVSS
7.5
EPSS Score
0.48%
Published
2006-08-31
Updated
2011-03-08
Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related to "Injection Flaws," allow attackers to have an unknown impact via (1) globals.php, which uses include_once() instead of require(); (2) the $options variable; (3) Admin Upload Image; (4) ->load(); (5) content submissions when frontpage is selected; (6) the mosPageNav constructor; (7) saveOrder functions; (8) the absence of "exploit blocking rules" in htaccess; and (9) the ACL.
Max CVSS
7.5
EPSS Score
1.33%
Published
2006-08-31
Updated
2011-03-08
PHP remote file inclusion vulnerability in index.php in the JIM component for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: another researcher has stated that the product distribution does not include an index.php file. Also, this might be related to CVE-2006-4242
Max CVSS
7.5
EPSS Score
1.52%
Published
2006-09-06
Updated
2024-03-21
Multiple PHP remote file inclusion vulnerabilities in JD-WordPress for Joomla! (com_jd-wp) 2.0-1.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) wp-comments-post.php, (2) wp-feed.php, or (3) wp-trackback.php.
Max CVSS
7.5
EPSS Score
9.19%
Published
2006-09-26
Updated
2008-09-05
PHP remote file inclusion vulnerability in BSQ Sitestats (bsq_sitestats) before 2.1.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
Max CVSS
7.5
EPSS Score
0.34%
Published
2006-09-26
Updated
2008-09-05
Unspecified vulnerability in Events 1.3 beta module (com_events) for Joomla! has unspecified impact and attack vectors.
Max CVSS
7.5
EPSS Score
0.21%
Published
2006-09-27
Updated
2008-09-05
Unspecified vulnerability in SEF404x (com_sef) for Joomla! has unspecified impact and attack vectors.
Max CVSS
7.5
EPSS Score
0.19%
Published
2006-09-27
Updated
2008-09-05
Unspecified vulnerability in Hot Properties (possibly com_hotproperties) 0.97 and earlier for Joomla! has unspecified impact and attack vectors.
Max CVSS
7.5
EPSS Score
0.19%
Published
2006-09-27
Updated
2008-09-05
Unspecified vulnerability in mosMedia (com_mosmedia) 1.0.8 and earlier for Joomla! has unspecified impact and attack vectors.
Max CVSS
7.5
EPSS Score
0.21%
Published
2006-09-27
Updated
2008-09-05
51 vulnerabilities found
1 2 3
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!