Multiple cross-site request forgery (CSRF) vulnerabilities in the com_media component for Joomla! 1.5.x through 1.5.9 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Max CVSS
6.8
EPSS Score
0.21%
Published
2009-04-09
Updated
2017-08-17
PHP remote file inclusion vulnerability in index.php in Joomla! 1.0.11 through 1.0.14, when RG_EMULATION is enabled in configuration.php, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
Max CVSS
7.5
EPSS Score
1.46%
Published
2008-12-19
Updated
2018-10-11
JRequest in Joomla! 1.5 before 1.5.7 does not sanitize variables that were set with JRequest::setVar, which allows remote attackers to conduct "variable injection" attacks and have unspecified other impact.
Max CVSS
7.5
EPSS Score
1.53%
Published
2008-09-18
Updated
2017-08-08
Joomla! 1.5 before 1.5.7 initializes PHP's PRNG with a weak seed, which makes it easier for attackers to guess the pseudo-random values produced by PHP's mt_rand function, as demonstrated by guessing password reset tokens, a different vulnerability than CVE-2008-3681.
Max CVSS
7.5
EPSS Score
1.11%
Published
2008-09-18
Updated
2018-10-11
Joomla! before 1.5.4 does not configure .htaccess to apply certain security checks that "block common exploits" to SEF URLs, which has unknown impact and remote attack vectors.
Max CVSS
7.5
EPSS Score
0.34%
Published
2008-07-18
Updated
2017-08-08
Unspecified vulnerability in Joomla! before 1.5.4 has unknown impact and attack vectors related to a "User Redirect Spam fix," possibly an open redirect vulnerability.
Max CVSS
7.5
EPSS Score
0.30%
Published
2008-07-18
Updated
2017-08-08
Joomla! before 1.5.4 allows attackers to access administration functionality, which has unknown impact and attack vectors related to a missing "LDAP security fix."
Max CVSS
10.0
EPSS Score
0.32%
Published
2008-07-18
Updated
2017-08-08
PHP remote file inclusion vulnerability in facileforms.frame.php in the FacileForms (com_facileforms) component 1.4.4 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the ff_compath parameter.
Max CVSS
7.5
EPSS Score
2.00%
Published
2008-07-02
Updated
2017-09-29
SQL injection vulnerability in the iJoomla News Portal (com_news_portal) component 1.0 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.
Max CVSS
7.5
EPSS Score
0.11%
Published
2008-06-12
Updated
2017-09-29
Multiple SQL injection vulnerabilities in the EXP JoomRadio (com_joomradio) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) show_radio or (2) show_video action to index.php.
Max CVSS
7.5
EPSS Score
0.27%
Published
2008-06-10
Updated
2018-10-11
SQL injection vulnerability in the acctexp (com_acctexp) component 0.12.x and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the usage parameter in a subscribe action to index.php.
Max CVSS
7.5
EPSS Score
0.11%
Published
2008-06-10
Updated
2017-09-29
SQL injection vulnerability in the Simple Shop Galore (com_simpleshop) component 3.4 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a browse action to index.php.
Max CVSS
7.5
EPSS Score
0.14%
Published
2008-06-06
Updated
2017-10-19
SQL injection vulnerability in the JotLoader (com_jotloader) component 1.2.1.a and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter to index.php.
Max CVSS
7.5
EPSS Score
0.11%
Published
2008-06-06
Updated
2017-09-29
SQL injection vulnerability in the Filiale 1.0.4 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the idFiliale parameter.
Max CVSS
7.5
EPSS Score
0.06%
Published
2008-04-25
Updated
2017-09-29
Unspecified vulnerability in the XML-RPC Blogger API plugin in Joomla! 1.5 allows remote attackers to perform unauthorized article operations on articles via unknown vectors.
Max CVSS
6.8
EPSS Score
1.04%
Published
2008-03-28
Updated
2017-08-08
SQL injection vulnerability in jooget.php in the Joomlapixel Jooget! (com_jooget) 2.6.8 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail task.
Max CVSS
7.5
EPSS Score
0.09%
Published
2008-02-19
Updated
2017-09-29
SQL injection vulnerability in index.php in the MGFi XfaQ (com_xfaq) 1.2 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an answer action.
Max CVSS
7.5
EPSS Score
0.06%
Published
2008-02-15
Updated
2017-09-29
SQL injection vulnerability in index.php in the Arthur Konze AkoGallery (com_akogallery) 2.5 beta component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.
Max CVSS
7.5
EPSS Score
0.06%
Published
2008-02-04
Updated
2017-09-29
SQL injection vulnerability in index.php in the Darko Selesi EstateAgent (com_estateagent) 0.1 component for Mambo 4.5.x and Joomla! allows remote attackers to execute arbitrary SQL commands via the objid parameter in a contact showObject action.
Max CVSS
7.5
EPSS Score
0.11%
Published
2008-01-31
Updated
2017-09-29
Unspecified vulnerability in Joomla! before 1.5 RC4 allows remote authenticated users to gain privileges via unspecified vectors, aka "registered user privilege escalation vulnerability."
Max CVSS
7.5
EPSS Score
1.19%
Published
2008-01-04
Updated
2008-11-15
Joomla! before 1.5 RC4 allows remote authenticated administrators to promote arbitrary users to the administrator group, in violation of the intended security model.
Max CVSS
6.5
EPSS Score
0.37%
Published
2008-01-04
Updated
2008-11-15
Multiple cross-site request forgery (CSRF) vulnerabilities in Joomla! before 1.5 RC4 allow remote attackers to (1) add a Super Admin, (2) upload an extension containing arbitrary PHP code, and (3) modify the configuration as administrators via unspecified vectors.
Max CVSS
6.8
EPSS Score
0.31%
Published
2008-01-04
Updated
2018-10-15
Multiple SQL injection vulnerabilities in index.php in Joomla! 1.5 RC3 allow remote attackers to execute arbitrary SQL commands via (1) the view parameter to the com_content component, (2) the task parameter to the com_search component, or (3) the option parameter in a search action to the com_search component.
Max CVSS
7.5
EPSS Score
0.06%
Published
2007-12-07
Updated
2018-10-15
Multiple PHP remote file inclusion vulnerabilities in Michael Dempfle Joomla Flash Uploader (com_jfu or com_joomla_flash_uploader) 2.5.1 component for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) install.joomla_flash_uploader.php and (2) uninstall.joomla_flash_uploader.php.
Max CVSS
6.8
EPSS Score
6.30%
Published
2007-10-14
Updated
2018-10-15
PHP remote file inclusion vulnerability in admin.color.php in the com_colorlab (aka com_color) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
Max CVSS
6.8
EPSS Score
2.69%
Published
2007-10-14
Updated
2017-09-29
58 vulnerabilities found
1 2 3
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!