Joovili

joovili

6 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (6)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2008-6269 1Joovili 1Joovili Apr 23, 2026 Feb 25, 2009 N/A· v4 N/A· v3 7.5 HIGH· v2 Joovili 3.1.4 allows remote attackers to bypass authentication and gain privileges as other users, including the administrator, by setting the (1) session_id, session_logged_in, and session_username cookies for user priv...Show more Joovili 3.1.4 allows remote attackers to bypass authentication and gain privileges as other users, including the administrator, by setting the (1) session_id, session_logged_in, and session_username cookies for user privileges; (2) session_admin_id, session_admin_username, and session_admin cookies for admin privileges; and (3) session_staff_id, session_staff_username, and session_staff cookies for staff users.Show less
CVE-2008-4711 1Joovili 1Joovili Apr 23, 2026 Oct 23, 2008 N/A· v4 N/A· v3 6.8 MEDIUM· v2 SQL injection vulnerability in Joovili 3.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.blog.php, (2) view.event.php, (3) view...Show more SQL injection vulnerability in Joovili 3.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.blog.php, (2) view.event.php, (3) view.group.php, (4) view.music.php, (5) view.picture.php, and (6) view.video.php.Show less
CVE-2008-2063 1Joovili 1Joovili Apr 23, 2026 May 2, 2008 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in browse.videos.php in Joovili 3.1 allows remote attackers to execute arbitrary SQL commands via the category parameter.
CVE-2008-0743 1Joovili 1Joovili Apr 23, 2026 Feb 13, 2008 N/A· v4 N/A· v3 10.0 HIGH· v2 PHP remote file inclusion vulnerability in members_help.php in Joovili 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the hlp parameter.
CVE-2007-6621 1Joovili 1Joovili Apr 23, 2026 Jan 4, 2008 N/A· v4 N/A· v3 6.4 MEDIUM· v2 Directory traversal vulnerability in joovili.images.php in Joovili 3.0.0 through 3.0.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the picture parameter.
CVE-2007-6620 1Joovili 1Joovili Apr 23, 2026 Jan 4, 2008 N/A· v4 N/A· v3 6.4 MEDIUM· v2 Directory traversal vulnerability in include/images.inc.php in Joovili 2.x allows remote attackers to read arbitrary files via a .. (dot dot) in the picture parameter.