Total
215 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-1505 | 2 Joomla, Sstreamtv | 2 Joomla, Custompages | 2023-12-10 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in the SSTREAMTV custompages (com_custompages) 1.1 and earlier component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the cpage parameter to index.php. | |||||
CVE-2008-6184 | 2 Joomla, Medialab-karlsruhe | 2 Joomla, Ownbiblio | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in the OwnBiblio (com_ownbiblio) component 1.5.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a catalogue action to index.php. | |||||
CVE-2009-0421 | 1 Joomla | 2 Com Eventing, Joomla | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Eventing (com_eventing) 1.6.x component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. | |||||
CVE-2009-2637 | 2 Joomla, Ordasoft | 2 Joomla, Com Booklibrary | 2023-12-10 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in toolbar_ext.php in the BookLibrary (com_booklibrary) component 1.5.2.4 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
CVE-2009-0726 | 3 Gigcalendar, Joomla, Mambo | 3 Com Gigcalendar, Joomla, Mambo | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the gigcal_gigs_id parameter in a details action to index.php. | |||||
CVE-2009-2239 | 1 Joomla | 4 Com Casiino Blackjack, Com Casino Videopoker, Com Casinobase and 1 more | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in the (1) casinobase (com_casinobase), (2) casino_blackjack (com_casino_blackjack), and (3) casino_videopoker (com_casino_videopoker) components 0.3.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php. | |||||
CVE-2009-0730 | 3 Gigcalendar, Joomla, Mambo | 3 Com Gigcalendar, Joomla, Mambo | 2023-12-10 | 6.8 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla!, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the gigcal _venues_id parameter in a details action to index.php, which is not properly handled by venuedetails.php, and (2) the gigcal_bands_id parameter in a details action to index.php, which is not properly handled by banddetails.php, different vectors than CVE-2009-0726. | |||||
CVE-2009-0378 | 1 Joomla | 2 Com Beamospetition, Joomla | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.php in the beamospetition (com_beamospetition) 1.0.12 component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the pet parameter in a sign action. | |||||
CVE-2009-2014 | 1 Joomla | 2 Com School, Joomla | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in the ComSchool (com_school) component 1.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the classid parameter in a showclass action to index.php. | |||||
CVE-2009-1940 | 1 Joomla | 1 Joomla | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the administrator panel in the com_users core component for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2009-3155 | 2 Almondsoft, Joomla | 2 Com Aclassf, Joomla | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in gmap.php in the Almond Classifieds (com_aclassf) component 7.5 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the addr parameter. | |||||
CVE-2008-6923 | 1 Joomla | 2 Com Content, Joomla | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in the content component (com_content) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a blogcategory action to index.php. | |||||
CVE-2009-2609 | 2 Amotools, Joomla | 2 Com Amocourse, Joomla | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in the amoCourse (com_amocourse) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action to index.php. | |||||
CVE-2009-0706 | 3 Joomla, Mambo, Simple-review | 3 Joomla, Mambo, Com Simple Review | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Simple Review (com_simple_review) component 1.3.5 for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the category parameter to index.php. | |||||
CVE-2009-3434 | 3 Joomla, Mambo, Onestopjoomla | 3 Joomla, Mambo, Com Tupinambis | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Tupinambis (com_tupinambis) component 1.0 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the proyecto parameter in a verproyecto action to index.php. | |||||
CVE-2009-2635 | 2 Joomla, Ordasoft | 2 Joomla, Com Realestatemanager | 2023-12-10 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in toolbar_ext.php in the RealEstateManager (com_realestatemanager) component 1.0 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
CVE-2008-6088 | 2 Joomla, Joomtracker | 2 Joomla, Com Joomtracker | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Joomtracker (com_joomtracker) 1.01 module for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a tordetails action to index.php. | |||||
CVE-2009-0702 | 2 Joomla, Phoca | 2 Joomla, Com Phocadocumentation | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Phoca Documentation (com_phocadocumentation) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a section action to index.php. | |||||
CVE-2008-4617 | 3 Joomla, Mambo-foundation, Pyxicom | 3 Joomla, Mambo, Actualite | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in the actualite module 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2009-3063 | 2 Indianpulses, Joomla | 2 Com Gameserver, Joomla | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Game Server (com_gameserver) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a gamepanel action to index.php. |