Joomla

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2009-0333 1Joomla 1Com Waticketsystem Apr 23, 2026 Jan 29, 2009 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in the WebAmoeba (WA) Ticket System (com_waticketsystem) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action to index.p...Show more SQL injection vulnerability in the WebAmoeba (WA) Ticket System (com_waticketsystem) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action to index.php.Show less
CVE-2009-0329 1Joomla 1Com Pccookbook Apr 23, 2026 Jan 29, 2009 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in the PcCookBook (com_pccookbook) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the recipe_id parameter in a viewrecipe action to index.php, a different...Show more SQL injection vulnerability in the PcCookBook (com_pccookbook) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the recipe_id parameter in a viewrecipe action to index.php, a different vector than CVE-2008-0844.Show less
CVE-2009-0113 1Joomla 1Xstandard Apr 23, 2026 Jan 9, 2009 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Directory traversal vulnerability in attachmentlibrary.php in the XStandard component for Joomla! 1.5.8 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the X_CMS_LIBRARY_PATH HTTP...Show more Directory traversal vulnerability in attachmentlibrary.php in the XStandard component for Joomla! 1.5.8 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the X_CMS_LIBRARY_PATH HTTP header.Show less
CVE-2008-5811 1Joomla 1Com Paxgallery Apr 23, 2026 Jan 2, 2009 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in the PaxGallery (com_paxgallery) component 0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gid parameter in a table action to index.php.
CVE-2008-4122 1Joomla 1Joomla Apr 23, 2026 Dec 19, 2008 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Joomla! 1.5.8 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
CVE-2008-5671 1Joomla 1Joomla Apr 23, 2026 Dec 19, 2008 N/A· v4 N/A· v3 7.5 HIGH· v2 PHP remote file inclusion vulnerability in index.php in Joomla! 1.0.11 through 1.0.14, when RG_EMULATION is enabled in configuration.php, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_a...Show more PHP remote file inclusion vulnerability in index.php in Joomla! 1.0.11 through 1.0.14, when RG_EMULATION is enabled in configuration.php, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.Show less
CVE-2008-5643 1Joomla 1Com Books Apr 23, 2026 Dec 17, 2008 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in the Books (com_books) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the book_id parameter in a book_details action to index.php.
CVE-2008-5208 1Joomla 1Com Datsogallery Apr 23, 2026 Nov 24, 2008 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in sub_votepic.php in the Datsogallery (com_datsogallery) module 1.6 for Joomla! allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header.
CVE-2008-5200 1Joomla 1Com Xewebtv Apr 23, 2026 Nov 21, 2008 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in the Xe webtv (com_xewebtv) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
CVE-2008-5053 1Joomla 1Com Rssreader Apr 23, 2026 Nov 13, 2008 N/A· v4 N/A· v3 10.0 HIGH· v2 PHP remote file inclusion vulnerability in admin.rssreader.php in the Simple RSS Reader (com_rssreader) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site...Show more PHP remote file inclusion vulnerability in admin.rssreader.php in the Simple RSS Reader (com_rssreader) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.Show less
CVE-2008-4777 1Joomla 1Com Lms Apr 23, 2026 Oct 29, 2008 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in the Showroom Joomlearn LMS (com_lms) component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the cat parameter in a showTests task.
CVE-2008-4668 1Joomla 1Com Imagebrowser Apr 23, 2026 Oct 22, 2008 N/A· v4 N/A· v3 9.0 HIGH· v2 Directory traversal vulnerability in the Image Browser (com_imagebrowser) 0.1.5 component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder parameter to ind...Show more Directory traversal vulnerability in the Image Browser (com_imagebrowser) 0.1.5 component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder parameter to index.php.Show less
CVE-2008-4105 1Joomla 1Joomla Apr 23, 2026 Sep 18, 2008 N/A· v4 N/A· v3 7.5 HIGH· v2 JRequest in Joomla! 1.5 before 1.5.7 does not sanitize variables that were set with JRequest::setVar, which allows remote attackers to conduct "variable injection" attacks and have unspecified other impact.
CVE-2008-4104 1Joomla 1Joomla Apr 23, 2026 Sep 18, 2008 N/A· v4 N/A· v3 5.8 MEDIUM· v2 Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a "passed in" URL.
CVE-2008-4103 1Joomla 1Com Mailto Apr 23, 2026 Sep 18, 2008 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The mailto (aka com_mailto) component in Joomla! 1.5 before 1.5.7 sends e-mail messages without validating the URL, which allows remote attackers to transmit spam.
CVE-2008-4102 1Joomla 1Joomla Apr 23, 2026 Sep 18, 2008 N/A· v4 N/A· v3 7.5 HIGH· v2 Joomla! 1.5 before 1.5.7 initializes PHP's PRNG with a weak seed, which makes it easier for attackers to guess the pseudo-random values produced by PHP's mt_rand function, as demonstrated by guessing password reset token...Show more Joomla! 1.5 before 1.5.7 initializes PHP's PRNG with a weak seed, which makes it easier for attackers to guess the pseudo-random values produced by PHP's mt_rand function, as demonstrated by guessing password reset tokens, a different vulnerability than CVE-2008-3681.Show less
CVE-2008-3681 1Joomla 1Com User Apr 23, 2026 Aug 14, 2008 N/A· v4 N/A· v3 7.5 HIGH· v2 components/com_user/models/reset.php in Joomla! 1.5 through 1.5.5 does not properly validate reset tokens, which allows remote attackers to reset the "first enabled user (lowest id)" password, typically for the administr...Show more components/com_user/models/reset.php in Joomla! 1.5 through 1.5.5 does not properly validate reset tokens, which allows remote attackers to reset the "first enabled user (lowest id)" password, typically for the administrator.Show less
CVE-2008-3586 1Joomla 1Com Ezstore Apr 23, 2026 Aug 11, 2008 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in the EZ Store (com_ezstore) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
CVE-2008-3265 1Joomla 1Com Dtregister Apr 23, 2026 Jul 24, 2008 N/A· v4 N/A· v3 6.8 MEDIUM· v2 SQL injection vulnerability in the DT Register (com_dtregister) 2.2.3 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the eventId parameter in a pay_options action to index.php.
CVE-2008-3228 1Joomla 1Joomla Apr 23, 2026 Jul 18, 2008 N/A· v4 N/A· v3 7.5 HIGH· v2 Joomla! before 1.5.4 does not configure .htaccess to apply certain security checks that "block common exploits" to SEF URLs, which has unknown impact and remote attack vectors.

Previous 1...161718...27 Next