← Back

Joomla

joomla

534 CVEs • 147 products

Products (147)

Click to collapse
Toggle
Joomla
joomla
383 CVEs
Bsq Sitestats
bsq_sitestats
6 CVEs
Rs Gallery2
rs_gallery2
4 CVEs
Com Beamospetition
com_beamospetition
3 CVEs
Com Weblinks
com_weblinks
3 CVEs
Jd Wiki
jd-wiki
2 CVEs
Com Sef
com_sef
2 CVEs
Com Downloads
com_downloads
2 CVEs
Com Rapidrecipe
com_rapidrecipe
2 CVEs
Com Pcchess
com_pcchess
2 CVEs
Com Astatspro
com_astatspro
2 CVEs
Com Pccookbook
com_pccookbook
2 CVEs
Com Facileforms
com_facileforms
2 CVEs
Com Mailto
com_mailto
2 CVEs
Pc Cookbook
pc_cookbook
1 CVE
Performs Component
performs_component
1 CVE
Colophon
colophon
1 CVE
Lmo
lmo
1 CVE
Webring Component
webring_component
1 CVE
Moslistmessenger Component
moslistmessenger_component
1 CVE
Jim Instant Messaging Component
jim_instant_messaging_component
1 CVE
X Shop Component
x-shop_component
1 CVE
Rssxt Component
rssxt_component
1 CVE
Com Comprofiler Component
com_comprofiler_component
1 CVE
Jim Component
jim_component
1 CVE
Jd Wordpress
jd-wordpress
1 CVE
Joomlalib
joomlalib
1 CVE
Com Events
com_events
1 CVE
Events Module
events_module
1 CVE
Sef4040x
sef4040x
1 CVE
Com Hotproperties
com_hotproperties
1 CVE
Hot Properties
hot_properties
1 CVE
Com Mosmedia
com_mosmedia
1 CVE
Mosmedia
mosmedia
1 CVE
Prince Clan Chess Component
prince_clan_chess_component
1 CVE
Classifieds Component
classifieds_component
1 CVE
Com Classifieds
com_classifieds
1 CVE
Be It Easypartner Component
be_it_easypartner_component
1 CVE
Nfn Address Book
nfn_address_book
1 CVE
Swmenu Component
swmenu_component
1 CVE
Rwcards Component
rwcards_component
1 CVE
Car Manager
car_manager
1 CVE
Taskhopper Component
taskhopper_component
1 CVE
Jambook
jambook
1 CVE
Letterman Subscriber
letterman_subscriber
1 CVE
Expose
expose
1 CVE
Pony Gallery
pony_gallery
1 CVE
Tour De France Pool
tour_de_france_pool
1 CVE
J Reactions
j_reactions
1 CVE
Bibtex
bibtex
1 CVE
Nice Talk
nice_talk
1 CVE
Rsfiles
rsfiles
1 CVE
Neorecruit
neorecruit
1 CVE
Eventlist
eventlist
1 CVE
Akobook
akobook
1 CVE
Joomla Radio
joomla_radio
1 CVE
Joom12pic Component
joom12pic_component
1 CVE
Flash Fun Component
flash_fun_component
1 CVE
Com Search Component
com_search_component
1 CVE
Com Newsletter
com_newsletter
1 CVE
Com Mamml
com_mamml
1 CVE
Com Fq
com_fq
1 CVE
Glossary
glossary
1 CVE
Musepoes Component
musepoes_component
1 CVE
Com Recipes
com_recipes
1 CVE
Com Jokes
com_jokes
1 CVE
Com Buslicense
com_buslicense
1 CVE
Com Awesom
com_awesom
1 CVE
Com Shambo2
com_shambo2
1 CVE
Com Sobi2
com_sobi2
1 CVE
Com Ynews
com_ynews
1 CVE
Com Noticias
com_noticias
1 CVE
Com Neoreferences
com_neoreferences
1 CVE
Com Marketplace
com_marketplace
1 CVE
Com Directory
com_directory
1 CVE
Com Gallery
com_gallery
1 CVE
Com Neogallery
com_neogallery
1 CVE
Com Iomezun
com_iomezun
1 CVE
Com Doc
com_doc
1 CVE
Com Comments
com_comments
1 CVE
Com Quiz
com_quiz
1 CVE
Com Mcquiz
com_mcquiz
1 CVE
Com Mediaslide
com_mediaslide
1 CVE
Com Scheduling Component
com_scheduling_component
1 CVE
Com Mezun
com_mezun
1 CVE
Com Filebase Component
com_filebase_component
1 CVE
Rapid Recipe
rapid_recipe
1 CVE
Kemas Antonius Com Quran
kemas_antonius_com_quran
1 CVE
Com Galeria
com_galeria
1 CVE
Com Ricette Component
com_ricette_component
1 CVE
Com Clasifier
com_clasifier
1 CVE
Com Profile
com_profile
1 CVE
Com Detail
com_detail
1 CVE
Com Salesrep
com_salesrep
1 CVE
Com Garyscookbook
com_garyscookbook
1 CVE
Com Ewriting
com_ewriting
1 CVE
Com Acajoom
com_acajoom
1 CVE
Datsogallery
datsogallery
1 CVE
Com Comprofiler
com_comprofiler
1 CVE
Com Flippingbook
com_flippingbook
1 CVE

CVEs (534)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2007-2196
2Joomla
Mambo
2Jambook
Jambook
Apr 23, 2026
Apr 24, 2007
N/A· v4
N/A· v3
6.8 MEDIUM· v2
PHP remote file inclusion vulnerability in jambook.php in the Jambook (com_Jambook) 1.0 beta7 module for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path pa...Show more
PHP remote file inclusion vulnerability in jambook.php in the Jambook (com_Jambook) 1.0 beta7 module for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this issue has been disputed by a reliable third party because the jambook.php protects against direct requestShow less
CVE-2007-2005
2Joomla
Mambo
2Taskhopper Component
Taskhopper Component
Apr 23, 2026
Apr 12, 2007
N/A· v4
N/A· v3
6.8 MEDIUM· v2
Multiple PHP remote file inclusion vulnerabilities in the Taskhopper 1.1 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) cont...Show more
Multiple PHP remote file inclusion vulnerabilities in the Taskhopper 1.1 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) contact_type.php, (2) itemstatus_type.php, (3) projectstatus_type.php, (4) request_type.php, (5) responses_type.php, (6) timelog_type.php, or (7) urgency_type.php in inc/.Show less
CVE-2007-1704
1Joomla
1Car Manager
Apr 23, 2026
Mar 27, 2007
N/A· v4
N/A· v3
7.5 HIGH· v2
SQL injection vulnerability in index.php in the Car Manager (com_resman) 1.1 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-1703
1Joomla
1Rwcards Component
Apr 23, 2026
Mar 27, 2007
N/A· v4
N/A· v3
7.5 HIGH· v2
SQL injection vulnerability in index.php in the RWCards (com_rwcards) 2.4.3 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter.
CVE-2007-1699
2Joomla
Mambo
2Swmenu Component
Swmenu Component
Apr 23, 2026
Mar 27, 2007
N/A· v4
N/A· v3
10.0 HIGH· v2
Multiple PHP remote file inclusion vulnerabilities in the SWmenu (com_swmenupro and com_swmenufree) 4.0 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_abso...Show more
Multiple PHP remote file inclusion vulnerabilities in the SWmenu (com_swmenupro and com_swmenufree) 4.0 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to ImageManager/Classes/ImageManager.php under the (1) components/ or (2) administrator/components/ directory trees.Show less
CVE-2007-1596
2Joomla
Mambo
2Nfn Address Book
Nfn Address Book
Apr 23, 2026
Mar 22, 2007
N/A· v4
N/A· v3
9.3 HIGH· v2
Multiple PHP remote file inclusion vulnerabilities in the NFN Address Book (com_nfn_addressbook) 0.4 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolut...Show more
Multiple PHP remote file inclusion vulnerabilities in the NFN Address Book (com_nfn_addressbook) 0.4 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) components/com_nfn_addressbook/nfnaddressbook.php or (2) administrator/components/com_nfn_addressbook/nfnaddressbook.php.Show less
CVE-2006-7126
1Joomla
1Bsq Sitestats
Apr 23, 2026
Mar 6, 2007
N/A· v4
N/A· v3
6.8 MEDIUM· v2
SQL injection vulnerability in Joomla BSQ Sitestats 1.8.0 and 2.2.1 allows remote attackers to execute arbitrary SQL commands via the query string, possibly PHP_SELF.
CVE-2006-7125
1Joomla
1Bsq Sitestats
Apr 23, 2026
Mar 6, 2007
N/A· v4
N/A· v3
6.8 MEDIUM· v2
Cross-site scripting (XSS) vulnerability in Joomla BSQ Sitestats 1.8.0 and 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header, which is not properly handled when the administ...Show more
Cross-site scripting (XSS) vulnerability in Joomla BSQ Sitestats 1.8.0 and 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header, which is not properly handled when the administrator views site statistics.Show less
CVE-2006-7124
1Joomla
1Bsq Sitestats
Apr 23, 2026
Mar 6, 2007
N/A· v4
N/A· v3
7.5 HIGH· v2
PHP remote file inclusion vulnerability in external/rssfeeds.php in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allows remote attackers to execute arbitrary PHP code via the base...Show more
PHP remote file inclusion vulnerability in external/rssfeeds.php in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allows remote attackers to execute arbitrary PHP code via the baseDir parameter.Show less
CVE-2006-7123
1Joomla
1Bsq Sitestats
Apr 23, 2026
Mar 6, 2007
N/A· v4
N/A· v3
7.5 HIGH· v2
Multiple SQL injection vulnerabilities in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allow remote attackers to execute arbitrary SQL commands via (1) unspecified parameters when...Show more
Multiple SQL injection vulnerabilities in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allow remote attackers to execute arbitrary SQL commands via (1) unspecified parameters when importing the (a) ip-to-country.csv file; and the (2) HTTP Referer, (3) HTTP User Agent, and (4) HTTP Accept Language headers to (b) bsqtemplateinc.php.Show less
CVE-2006-7122
1Joomla
1Bsq Sitestats
Apr 23, 2026
Mar 6, 2007
N/A· v4
N/A· v3
6.8 MEDIUM· v2
Cross-site scripting (XSS) vulnerability in the IP Address Lookup functionality in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allows remote attackers to inject arbitrary web scr...Show more
Cross-site scripting (XSS) vulnerability in the IP Address Lookup functionality in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allows remote attackers to inject arbitrary web script and HTML via the ip parameter.Show less
CVE-2006-7010
1Joomla
1Joomla
Apr 23, 2026
Feb 12, 2007
N/A· v4
N/A· v3
7.5 HIGH· v2
The mosgetparam implementation in Joomla! before 1.0.10, does not set a variable's data type to integer when the variable's default value is numeric, which has unspecified impact and attack vectors, which may permit SQL...Show more
The mosgetparam implementation in Joomla! before 1.0.10, does not set a variable's data type to integer when the variable's default value is numeric, which has unspecified impact and attack vectors, which may permit SQL injection attacks.Show less
CVE-2006-7009
1Joomla
1Joomla
Apr 23, 2026
Feb 12, 2007
N/A· v4
N/A· v3
7.5 HIGH· v2
Joomla! before 1.0.10 allows remote attackers to spoof the frontend submission forms, which has unknown impact and attack vectors.
CVE-2006-7008
1Joomla
1Joomla
Apr 23, 2026
Feb 12, 2007
N/A· v4
N/A· v3
7.5 HIGH· v2
Unspecified vulnerability in Joomla! before 1.0.10 has unknown impact and attack vectors, related to "securing mosmsg from misuse." NOTE: it is possible that this issue overlaps CVE-2006-1029.
CVE-2006-6962
1Joomla
1Rs Gallery2
Apr 23, 2026
Jan 29, 2007
N/A· v4
N/A· v3
6.8 MEDIUM· v2
PHP remote file inclusion vulnerability in rsgallery2.html.php in the RS Gallery2 component (com_rsgallery2) 1.11.2 for Joomla! allows attackers to execute arbitrary PHP code via the mosConfig_absolute_path parameter. N...Show more
PHP remote file inclusion vulnerability in rsgallery2.html.php in the RS Gallery2 component (com_rsgallery2) 1.11.2 for Joomla! allows attackers to execute arbitrary PHP code via the mosConfig_absolute_path parameter. NOTE: this issue may overlap CVE-2006-5047.Show less
CVE-2007-0387
1Joomla
1Joomla
Apr 23, 2026
Jan 19, 2007
N/A· v4
N/A· v3
7.5 HIGH· v2
SQL injection vulnerability in models/category.php in the Weblinks component for Joomla! SVN 20070118 (com_weblinks) allows remote attackers to execute arbitrary SQL commands via the catid parameter.
CVE-2007-0375
1Joomla
1Joomla
Apr 23, 2026
Jan 19, 2007
N/A· v4
N/A· v3
5.0 MEDIUM· v2
Joomla! 1.5.0 Beta allows remote attackers to obtain sensitive information via a direct request for (1) plugins/user/example.php; (2) gmail.php, (3) example.php, or (4) ldap.php in plugins/authentication/; (5) modules/mo...Show more
Joomla! 1.5.0 Beta allows remote attackers to obtain sensitive information via a direct request for (1) plugins/user/example.php; (2) gmail.php, (3) example.php, or (4) ldap.php in plugins/authentication/; (5) modules/mod_mainmenu/menu.php; or other unspecified PHP scripts, which reveals the path in various error messages, related to a jimport function call at the beginning of each script.Show less
CVE-2007-0374
2Joomla
Mambo
2Joomla
Mambo
Apr 23, 2026
Jan 19, 2007
N/A· v4
N/A· v3
7.5 HIGH· v2
SQL injection vulnerability in (1) Joomla! 1.0.11 and 1.5 Beta, and (2) Mambo 4.6.1, allows remote attackers to execute arbitrary SQL commands via the id parameter when cancelling content editing.
CVE-2007-0373
1Joomla
1Joomla
Apr 23, 2026
Jan 19, 2007
N/A· v4
N/A· v3
6.8 MEDIUM· v2
Multiple SQL injection vulnerabilities in Joomla! 1.5.0 Beta allow remote attackers to execute arbitrary SQL commands via (1) the searchword parameter in certain files; the where parameter in (2) plugins/search/content.p...Show more
Multiple SQL injection vulnerabilities in Joomla! 1.5.0 Beta allow remote attackers to execute arbitrary SQL commands via (1) the searchword parameter in certain files; the where parameter in (2) plugins/search/content.php or (3) plugins/search/weblinks.php; the text parameter in (4) plugins/search/contacts.php, (5) plugins/search/categories.php, or (6) plugins/search/sections.php; or (7) the email parameter in database/table/user.php, which is not properly handled by the check function.Show less
CVE-2006-6843
1Joomla
1Be It Easypartner Component
Apr 23, 2026
Dec 31, 2006
N/A· v4
N/A· v3
7.5 HIGH· v2
PHP remote file inclusion vulnerability in the BE IT EasyPartner 0.0.9 beta component for Joomla! allows remote attackers to execute arbitrary PHP code via unspecified vectors. NOTE: The provenance of this information i...Show more
PHP remote file inclusion vulnerability in the BE IT EasyPartner 0.0.9 beta component for Joomla! allows remote attackers to execute arbitrary PHP code via unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.Show less