In Joomla! before 3.8.2, a bug allowed third parties to bypass a user's 2-factor authentication method.
Max CVSS
9.8
EPSS Score
1.22%
Published
2017-11-10
Updated
2017-11-28
In Joomla! before 3.8.2, a logic bug in com_fields exposed read-only information about a site's custom fields to unauthorized users.
Max CVSS
4.3
EPSS Score
0.18%
Published
2017-11-10
Updated
2017-11-28
In Joomla! before 3.8.0, inadequate escaping in the LDAP authentication plugin can result in a disclosure of a username and password.
Max CVSS
9.8
EPSS Score
1.04%
Published
2017-09-20
Updated
2017-09-27
In Joomla! before 3.8.0, a logic bug in a SQL query could lead to the disclosure of article intro texts when these articles are in the archived state.
Max CVSS
4.3
EPSS Score
0.47%
Published
2017-09-20
Updated
2019-10-03
In Joomla! before 3.7.4, inadequate filtering of potentially malicious HTML tags leads to XSS vulnerabilities in various components.
Max CVSS
6.1
EPSS Score
0.14%
Published
2017-07-26
Updated
2017-07-31
The CMS installer in Joomla! before 3.7.4 does not verify a user's ownership of a webspace, which allows remote authenticated users to gain control of the target application by leveraging Certificate Transparency logs.
Max CVSS
8.8
EPSS Score
0.46%
Published
2017-08-02
Updated
2017-08-04
Missing CSRF token checks and improper input validation in Joomla! CMS 1.7.3 through 3.7.2 lead to an XSS vulnerability.
Max CVSS
6.1
EPSS Score
0.57%
Published
2017-07-17
Updated
2017-07-21
Improper cache invalidation in Joomla! CMS 1.7.3 through 3.7.2 leads to disclosure of form contents.
Max CVSS
7.5
EPSS Score
0.33%
Published
2017-07-17
Updated
2017-07-20

CVE-2017-8917

Public exploit
SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors.
Max CVSS
9.8
EPSS Score
97.56%
Published
2017-05-17
Updated
2019-04-16
In Joomla! 3.4.0 through 3.6.5 (fixed in 3.7.0), multiple files caused full path disclosures on systems with enabled error reporting.
Max CVSS
5.3
EPSS Score
0.14%
Published
2017-04-25
Updated
2017-05-03
In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate MIME type checks allowed low-privilege users to upload swf files even if they were explicitly forbidden.
Max CVSS
6.5
EPSS Score
0.05%
Published
2017-04-25
Updated
2017-05-02
In Joomla! 1.6.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of form contents allows overwriting the author of an article.
Max CVSS
5.3
EPSS Score
0.10%
Published
2017-04-25
Updated
2019-10-03
In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate escaping of file and folder names leads to XSS vulnerabilities in the template manager component.
Max CVSS
6.1
EPSS Score
0.14%
Published
2017-04-25
Updated
2017-05-03
In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of specific HTML attributes leads to XSS vulnerabilities in various components.
Max CVSS
6.1
EPSS Score
0.14%
Published
2017-04-25
Updated
2017-05-02
In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of multibyte characters leads to XSS vulnerabilities in various components.
Max CVSS
6.1
EPSS Score
0.49%
Published
2017-04-25
Updated
2019-03-19
In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering leads to XSS in the template manager component.
Max CVSS
6.1
EPSS Score
0.14%
Published
2017-04-25
Updated
2017-05-02
In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), mail sent using the JMail API leaked the used PHPMailer version in the mail headers.
Max CVSS
5.3
EPSS Score
0.14%
Published
2017-04-25
Updated
2017-05-03
Joomla! 3.4.4 through 3.6.3 allows attackers to reset username, password, and user group assignments and possibly perform other user account modifications via unspecified vectors.
Max CVSS
9.8
EPSS Score
0.22%
Published
2017-01-23
Updated
2017-01-26
Open redirect vulnerability in Joomla! CMS 3.0.0 through 3.4.1.
Max CVSS
6.1
EPSS Score
0.14%
Published
2017-09-20
Updated
2017-09-22
19 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!