← Back

Joomla

joomla

534 CVEs • 147 products

Products (147)

Click to collapse
Toggle
Joomla
joomla
383 CVEs
Bsq Sitestats
bsq_sitestats
6 CVEs
Rs Gallery2
rs_gallery2
4 CVEs
Com Beamospetition
com_beamospetition
3 CVEs
Com Weblinks
com_weblinks
3 CVEs
Jd Wiki
jd-wiki
2 CVEs
Com Sef
com_sef
2 CVEs
Com Downloads
com_downloads
2 CVEs
Com Rapidrecipe
com_rapidrecipe
2 CVEs
Com Pcchess
com_pcchess
2 CVEs
Com Astatspro
com_astatspro
2 CVEs
Com Pccookbook
com_pccookbook
2 CVEs
Com Facileforms
com_facileforms
2 CVEs
Com Mailto
com_mailto
2 CVEs
Pc Cookbook
pc_cookbook
1 CVE
Performs Component
performs_component
1 CVE
Colophon
colophon
1 CVE
Lmo
lmo
1 CVE
Webring Component
webring_component
1 CVE
Moslistmessenger Component
moslistmessenger_component
1 CVE
Jim Instant Messaging Component
jim_instant_messaging_component
1 CVE
X Shop Component
x-shop_component
1 CVE
Rssxt Component
rssxt_component
1 CVE
Com Comprofiler Component
com_comprofiler_component
1 CVE
Jim Component
jim_component
1 CVE
Jd Wordpress
jd-wordpress
1 CVE
Joomlalib
joomlalib
1 CVE
Com Events
com_events
1 CVE
Events Module
events_module
1 CVE
Sef4040x
sef4040x
1 CVE
Com Hotproperties
com_hotproperties
1 CVE
Hot Properties
hot_properties
1 CVE
Com Mosmedia
com_mosmedia
1 CVE
Mosmedia
mosmedia
1 CVE
Prince Clan Chess Component
prince_clan_chess_component
1 CVE
Classifieds Component
classifieds_component
1 CVE
Com Classifieds
com_classifieds
1 CVE
Be It Easypartner Component
be_it_easypartner_component
1 CVE
Nfn Address Book
nfn_address_book
1 CVE
Swmenu Component
swmenu_component
1 CVE
Rwcards Component
rwcards_component
1 CVE
Car Manager
car_manager
1 CVE
Taskhopper Component
taskhopper_component
1 CVE
Jambook
jambook
1 CVE
Letterman Subscriber
letterman_subscriber
1 CVE
Expose
expose
1 CVE
Pony Gallery
pony_gallery
1 CVE
Tour De France Pool
tour_de_france_pool
1 CVE
J Reactions
j_reactions
1 CVE
Bibtex
bibtex
1 CVE
Nice Talk
nice_talk
1 CVE
Rsfiles
rsfiles
1 CVE
Neorecruit
neorecruit
1 CVE
Eventlist
eventlist
1 CVE
Akobook
akobook
1 CVE
Joomla Radio
joomla_radio
1 CVE
Joom12pic Component
joom12pic_component
1 CVE
Flash Fun Component
flash_fun_component
1 CVE
Com Search Component
com_search_component
1 CVE
Com Newsletter
com_newsletter
1 CVE
Com Mamml
com_mamml
1 CVE
Com Fq
com_fq
1 CVE
Glossary
glossary
1 CVE
Musepoes Component
musepoes_component
1 CVE
Com Recipes
com_recipes
1 CVE
Com Jokes
com_jokes
1 CVE
Com Buslicense
com_buslicense
1 CVE
Com Awesom
com_awesom
1 CVE
Com Shambo2
com_shambo2
1 CVE
Com Sobi2
com_sobi2
1 CVE
Com Ynews
com_ynews
1 CVE
Com Noticias
com_noticias
1 CVE
Com Neoreferences
com_neoreferences
1 CVE
Com Marketplace
com_marketplace
1 CVE
Com Directory
com_directory
1 CVE
Com Gallery
com_gallery
1 CVE
Com Neogallery
com_neogallery
1 CVE
Com Iomezun
com_iomezun
1 CVE
Com Doc
com_doc
1 CVE
Com Comments
com_comments
1 CVE
Com Quiz
com_quiz
1 CVE
Com Mcquiz
com_mcquiz
1 CVE
Com Mediaslide
com_mediaslide
1 CVE
Com Scheduling Component
com_scheduling_component
1 CVE
Com Mezun
com_mezun
1 CVE
Com Filebase Component
com_filebase_component
1 CVE
Rapid Recipe
rapid_recipe
1 CVE
Kemas Antonius Com Quran
kemas_antonius_com_quran
1 CVE
Com Galeria
com_galeria
1 CVE
Com Ricette Component
com_ricette_component
1 CVE
Com Clasifier
com_clasifier
1 CVE
Com Profile
com_profile
1 CVE
Com Detail
com_detail
1 CVE
Com Salesrep
com_salesrep
1 CVE
Com Garyscookbook
com_garyscookbook
1 CVE
Com Ewriting
com_ewriting
1 CVE
Com Acajoom
com_acajoom
1 CVE
Datsogallery
datsogallery
1 CVE
Com Comprofiler
com_comprofiler
1 CVE
Com Flippingbook
com_flippingbook
1 CVE

CVEs (534)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2017-7987
1Joomla
1Joomla
May 13, 2026
Apr 25, 2017
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate escaping of file and folder names leads to XSS vulnerabilities in the template manager component.
CVE-2017-7986
1Joomla
1Joomla
May 13, 2026
Apr 25, 2017
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of specific HTML attributes leads to XSS vulnerabilities in various components.
CVE-2017-7985
1Joomla
1Joomla
May 13, 2026
Apr 25, 2017
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of multibyte characters leads to XSS vulnerabilities in various components.
CVE-2017-7984
1Joomla
1Joomla
May 13, 2026
Apr 25, 2017
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering leads to XSS in the template manager component.
CVE-2017-7983
1Joomla
1Joomla
May 13, 2026
Apr 25, 2017
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), mail sent using the JMail API leaked the used PHPMailer version in the mail headers.
CVE-2016-9081
1Joomla
1Joomla
May 13, 2026
Jan 23, 2017
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
Joomla! 3.4.4 through 3.6.3 allows attackers to reset username, password, and user group assignments and possibly perform other user account modifications via unspecified vectors.
CVE-2016-10045
3Joomla
Phpmailer ProjectWordpress
3Joomla
PhpmailerWordpress
May 6, 2026
Dec 30, 2016
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshell...Show more
The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail function in PHP. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-10033.Show less
CVE-2016-10033
3Joomla
Phpmailer ProjectWordpress
3Joomla
PhpmailerWordpress
Apr 21, 2026
Dec 30, 2016
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote)...Show more
The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.Show less
CVE-2016-9838
1Joomla
1Joomla
May 6, 2026
Dec 16, 2016
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
An issue was discovered in components/com_users/models/registration.php in Joomla! before 3.6.5. Incorrect filtering of registration form data stored to the session on a validation error enables a user to gain access to...Show more
An issue was discovered in components/com_users/models/registration.php in Joomla! before 3.6.5. Incorrect filtering of registration form data stored to the session on a validation error enables a user to gain access to a registered user's account and reset the user's group mappings, username, and password, as demonstrated by submitting a form that targets the `registration.register` task.Show less
CVE-2016-9837
1Joomla
1Joomla
May 6, 2026
Dec 16, 2016
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
An issue was discovered in templates/beez3/html/com_content/article/default.php in Joomla! before 3.6.5. Inadequate permissions checks in the Beez3 layout override of the com_content article view allow users to view arti...Show more
An issue was discovered in templates/beez3/html/com_content/article/default.php in Joomla! before 3.6.5. Inadequate permissions checks in the Beez3 layout override of the com_content article view allow users to view articles that should not be publicly accessible, as demonstrated by an index.php?option=com_content&view=article&id=1&template=beez3 request.Show less
CVE-2016-9836
1Joomla
1Joomla
May 6, 2026
Dec 5, 2016
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
The file scanning mechanism of JFilterInput::isFileSafe() in Joomla! CMS before 3.6.5 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to upload and exe...Show more
The file scanning mechanism of JFilterInput::isFileSafe() in Joomla! CMS before 3.6.5 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to upload and execute files with the `.php6`, `.php7`, `.phtml`, and `.phpt` extensions. Additionally, JHelperMedia::canUpload() did not blacklist these file extensions as uploadable file types.Show less
CVE-2016-8870
1Joomla
1Joomla
May 6, 2026
Nov 4, 2016
N/A· v4
8.1 HIGH· v3
6.8 MEDIUM· v2
The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create user accounts by leve...Show more
The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create user accounts by leveraging failure to check the Allow User Registration configuration setting.Show less
CVE-2016-8869
1Joomla
1Joomla
May 6, 2026
Nov 4, 2016
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4 allows remote attackers to gain privileges by leveraging incorrect use of unfiltered data whe...Show more
The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4 allows remote attackers to gain privileges by leveraging incorrect use of unfiltered data when registering on a site.Show less
CVE-2015-8769
1Joomla
1Joomla
May 6, 2026
Jan 12, 2016
N/A· v4
7.3 HIGH· v3
7.5 HIGH· v2
SQL injection vulnerability in Joomla! 3.x before 3.4.7 allows attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-8566
1Joomla
1Session
May 6, 2026
Dec 16, 2015
N/A· v4
N/A· v3
7.5 HIGH· v2
The Session package 1.x before 1.3.1 for Joomla! Framework allows remote attackers to execute arbitrary code via unspecified session values.
CVE-2015-8565
1Joomla
1Joomla
May 6, 2026
Dec 16, 2015
N/A· v4
N/A· v3
7.5 HIGH· v2
Directory traversal vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via unknown vectors.
CVE-2015-8564
1Joomla
1Joomla
May 6, 2026
Dec 16, 2015
N/A· v4
N/A· v3
7.5 HIGH· v2
Directory traversal vulnerability in Joomla! 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via directory traversal sequences in the XML install file in an extension package archive.
CVE-2015-8563
1Joomla
1Joomla
May 6, 2026
Dec 16, 2015
N/A· v4
N/A· v3
6.8 MEDIUM· v2
Cross-site request forgery (CSRF) vulnerability in the com_templates component in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to hijack the authentication of unspecified victims via unknown...Show more
Cross-site request forgery (CSRF) vulnerability in the com_templates component in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.Show less
CVE-2015-8562
1Joomla
1Joomla
May 6, 2026
Dec 16, 2015
N/A· v4
N/A· v3
7.5 HIGH· v2
Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015.
CVE-2015-7899
1Joomla
1Joomla
May 6, 2026
Oct 29, 2015
N/A· v4
N/A· v3
5.0 MEDIUM· v2
The com_content component in Joomla! 3.x before 3.4.5 does not properly check ACLs, which allows remote attackers to obtain sensitive information via unspecified vectors.