← Back

Joovili

joovili

Vendor: Joovili • 6 CVEs

CVEs (6)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2008-6269
1Joovili
1Joovili
Apr 23, 2026
Feb 25, 2009
N/A· v4
N/A· v3
7.5 HIGH· v2
Joovili 3.1.4 allows remote attackers to bypass authentication and gain privileges as other users, including the administrator, by setting the (1) session_id, session_logged_in, and session_username cookies for user priv...Show more
Joovili 3.1.4 allows remote attackers to bypass authentication and gain privileges as other users, including the administrator, by setting the (1) session_id, session_logged_in, and session_username cookies for user privileges; (2) session_admin_id, session_admin_username, and session_admin cookies for admin privileges; and (3) session_staff_id, session_staff_username, and session_staff cookies for staff users.Show less
CVE-2008-4711
1Joovili
1Joovili
Apr 23, 2026
Oct 23, 2008
N/A· v4
N/A· v3
6.8 MEDIUM· v2
SQL injection vulnerability in Joovili 3.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.blog.php, (2) view.event.php, (3) view...Show more
SQL injection vulnerability in Joovili 3.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.blog.php, (2) view.event.php, (3) view.group.php, (4) view.music.php, (5) view.picture.php, and (6) view.video.php.Show less
CVE-2008-2063
1Joovili
1Joovili
Apr 23, 2026
May 2, 2008
N/A· v4
N/A· v3
7.5 HIGH· v2
SQL injection vulnerability in browse.videos.php in Joovili 3.1 allows remote attackers to execute arbitrary SQL commands via the category parameter.
CVE-2008-0743
1Joovili
1Joovili
Apr 23, 2026
Feb 13, 2008
N/A· v4
N/A· v3
10.0 HIGH· v2
PHP remote file inclusion vulnerability in members_help.php in Joovili 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the hlp parameter.
CVE-2007-6621
1Joovili
1Joovili
Apr 23, 2026
Jan 4, 2008
N/A· v4
N/A· v3
6.4 MEDIUM· v2
Directory traversal vulnerability in joovili.images.php in Joovili 3.0.0 through 3.0.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the picture parameter.
CVE-2007-6620
1Joovili
1Joovili
Apr 23, 2026
Jan 4, 2008
N/A· v4
N/A· v3
6.4 MEDIUM· v2
Directory traversal vulnerability in include/images.inc.php in Joovili 2.x allows remote attackers to read arbitrary files via a .. (dot dot) in the picture parameter.