CVEdetails.com the ultimate security vulnerability data source

Joomla : Security Vulnerabilities

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 | CVE-2014-0794 | 79 | 1 | Exec Code Sql XSS | 2014-01-26 | 2017-08-28 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
SQL injection vulnerability in the JV Comment (com_jvcomment) component before 3.0.3 for Joomla! allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a comment.like action to index.php.
2 | CVE-2013-5576 | 20 | 1 | Bypass | 2013-10-09 | 2013-11-30 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
administrator/components/com_media/helpers/media.php in the media manager in Joomla! 2.5.x before 2.5.14 and 3.x before 3.1.5 allows remote authenticated users or remote attackers to bypass intended access restrictions and upload files with dangerous extensions via a filename with a trailing . (dot), as exploited in the wild in August 2013.
3 | CVE-2013-3242 | 20 | 1 | DoS | 2013-05-03 | 2014-03-07 | 5.5 | None | Remote | Low | Single system | None | Partial | Partial
plugins/system/remember/remember.php in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 does not properly handle an object obtained by unserializing a cookie, which allows remote authenticated users to conduct PHP object injection attacks and cause a denial of service via unspecified vectors.
4 | CVE-2012-3829 | 200 | 1 | +Info | 2012-07-03 | 2012-07-17 | 5.0 | None | Remote | Low | Not required | Partial | None | None
Joomla! 2.5.3 allows remote attackers to obtain the installation path via the Host HTTP Header.
5 | CVE-2012-3828 | 79 | 1 | XSS | 2012-07-03 | 2017-08-28 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Cross-site scripting (XSS) vulnerability in Joomla! 2.5.3 allows remote attackers to inject arbitrary web script or HTML via the Host HTTP Header.
6 | CVE-2011-0005 | 79 | 1 | XSS | 2011-01-10 | 2017-08-16 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Cross-site scripting (XSS) vulnerability in the com_search module for Joomla! 1.0.x through 1.0.15 allows remote attackers to inject arbitrary web script or HTML via the ordering parameter to index.php.
7 | CVE-2010-4945 | 89 | 3 | Exec Code Sql | 2011-10-09 | 2017-08-28 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in the CamelcityDB (com_camelcitydb2) component 2.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
8 | CVE-2010-4944 | 89 | 1 | Exec Code Sql | 2011-10-09 | 2017-08-28 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in the Elite Experts (com_elite_experts) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showExpertProfileDetailed action to index.php.
9 | CVE-2010-2681 | 94 | 1 | Exec Code File Inclusion | 2010-07-12 | 2010-07-12 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
PHP remote file inclusion vulnerability in the SEF404x (com_sef) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig.absolute.path parameter to index.php.
10 | CVE-2010-2679 | 89 | 1 | Exec Code Sql | 2010-07-08 | 2010-07-16 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in the Weblinks (com_weblinks) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.
11 | CVE-2010-1739 | 89 | 2 | Exec Code Sql | 2010-05-06 | 2017-08-16 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in the Newsfeeds (com_newsfeeds) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the feedid parameter in a categories action to index.php.
12 | CVE-2010-0461 | 89 | 2 | Exec Code Sql | 2010-01-28 | 2017-08-16 | 6.5 | User | Remote | Low | Single system | Partial | Partial | Partial
SQL injection vulnerability in the casino (com_casino) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a (1) category or (2) player action to index.php.
13 | CVE-2010-0373 | 89 | 2 | Exec Code Sql | 2010-01-21 | 2017-08-16 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in the libros (com_libros) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
14 | CVE-2009-4583 | 89 | 2 | Exec Code Sql | 2010-01-06 | 2017-08-16 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in the DhForum (com_dhforum) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a grouplist action to index.php.
15 | CVE-2009-4579 | 79 | 2 | XSS | 2010-01-06 | 2017-08-16 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Cross-site scripting (XSS) vulnerability in the Artist avenue (com_artistavenue) component for Joomla! and Mambo allows remote attackers to inject arbitrary web script or HTML via the Itemid parameter to index.php.
16 | CVE-2009-2239 | 89 | 1 | Exec Code Sql | 2009-06-27 | 2017-09-18 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in the (1) casinobase (com_casinobase), (2) casino_blackjack (com_casino_blackjack), and (3) casino_videopoker (com_casino_videopoker) components 0.3.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.
17 | CVE-2008-5053 | 94 | 1 | Exec Code File Inclusion | 2008-11-13 | 2017-09-28 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
PHP remote file inclusion vulnerability in admin.rssreader.php in the Simple RSS Reader (com_rssreader) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
18 | CVE-2008-2701 | 89 | 1 | Exec Code Sql | 2008-06-13 | 2017-09-28 | 6.8 | User | Remote | Medium | Not required | Partial | Partial | Partial
SQL injection vulnerability in the GameQ (com_gameq) component 4.0 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter in a page action to index.php.
19 | CVE-2008-2633 | 89 | 1 | Exec Code Sql | 2008-06-09 | 2017-09-28 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Multiple SQL injection vulnerabilities in the EXP JoomRadio (com_joomradio) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) show_radio or (2) show_video action to index.php.
20 | CVE-2006-7247 | 89 | 1 | Exec Code Sql | 2012-09-06 | 2013-08-16 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in the Weblinks (com_weblinks) component for Joomla! and Mambo 1.0.9 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter.
Total number of vulnerabilities : 20   Page : 1 (This Page)