In Joomla! before 3.9.19, missing token checks in com_postinstall lead to CSRF.
Source: MITRE
Max CVSS
8.8
EPSS Score
0.07%
Published
2020-06-02
Updated
2020-10-19
An issue was discovered in Joomla! before 3.9.16. Missing token checks in the image actions of com_templates lead to CSRF.
Source: MITRE
Max CVSS
8.8
EPSS Score
0.07%
Published
2020-03-16
Updated
2020-03-18
An issue was discovered in Joomla! before 3.9.16. Incorrect Access Control in the SQL fieldtype of com_fields allows access for non-superadmin users.
Source: MITRE
Max CVSS
8.8
EPSS Score
0.09%
Published
2020-03-16
Updated
2021-07-21
An issue was discovered in Joomla! before 3.9.15. A missing CSRF token check in the LESS compiler of com_templates causes a CSRF vulnerability.
Source: MITRE
Max CVSS
8.8
EPSS Score
0.07%
Published
2020-01-28
Updated
2020-02-07
An issue was discovered in Joomla! before 3.9.15. Missing token checks in the batch actions of various components cause CSRF vulnerabilities.
Source: MITRE
Max CVSS
8.8
EPSS Score
0.07%
Published
2020-01-28
Updated
2020-02-06
An issue was discovered in Joomla! before 3.9.13. A missing token check in com_template causes a CSRF vulnerability.
Source: MITRE
Max CVSS
8.8
EPSS Score
0.07%
Published
2019-11-06
Updated
2019-11-06
In Joomla! 3.9.7 and 3.9.8, inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option. In other words, the filter attribute in subform fields allows remote code execution. This is fixed in 3.9.9.
Source: MITRE
Max CVSS
8.8
EPSS Score
0.60%
Published
2019-08-05
Updated
2020-08-24
An issue was discovered in Joomla! before 3.8.13. com_installer actions do not have sufficient CSRF hardening in the backend.
Source: MITRE
Max CVSS
8.8
EPSS Score
1.39%
Published
2018-10-09
Updated
2018-11-26
An issue was discovered in Joomla! before 3.8.13. If an attacker gets access to the mail account of an user who can approve admin verifications in the registration process, he can activate himself.
Source: MITRE
Max CVSS
8.8
EPSS Score
0.42%
Published
2018-10-09
Updated
2020-08-24
An issue was discovered in Joomla! 2.5.0 through 3.8.8 before 3.8.9. The autoload code checks classnames to be valid, using the "class_exists" function in PHP. In PHP 5.3, this function validates invalid names as valid, which can result in a Local File Inclusion.
Source: MITRE
Max CVSS
8.8
EPSS Score
0.20%
Published
2018-06-26
Updated
2018-08-20
An issue was discovered in Joomla! Core before 3.8.8. Inadequate checks allowed users to modify the access levels of user groups with higher permissions.
Source: MITRE
Max CVSS
8.8
EPSS Score
0.35%
Published
2018-05-22
Updated
2019-10-03
In Joomla! 3.5.0 through 3.8.5, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the User Notes list view.
Source: MITRE
Max CVSS
8.8
EPSS Score
4.22%
Published
2018-03-15
Updated
2018-04-09
The CMS installer in Joomla! before 3.7.4 does not verify a user's ownership of a webspace, which allows remote authenticated users to gain control of the target application by leveraging Certificate Transparency logs.
Source: MITRE
Max CVSS
8.8
EPSS Score
0.46%
Published
2017-08-02
Updated
2017-08-04

CVE-2016-8870

Public exploit
The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create user accounts by leveraging failure to check the Allow User Registration configuration setting.
Source: MITRE
Max CVSS
8.1
EPSS Score
91.42%
Published
2016-11-04
Updated
2017-07-29
14 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!