Search Results (864 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-6221 2 Dadamailproject, Joomla 2 Dada Mail Manager, Joomla 2026-04-23 N/A
PHP remote file inclusion vulnerability in config.dadamail.php in the Dada Mail Manager (com_dadamail) component 2.6 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path] parameter.
CVE-2008-4668 1 Joomla 2 Com Imagebrowser, Joomla 2026-04-23 N/A
Directory traversal vulnerability in the Image Browser (com_imagebrowser) 0.1.5 component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder parameter to index.php.
CVE-2009-3318 2 Breedveld, Joomla 2 Com Album, Joomla 2026-04-23 N/A
Directory traversal vulnerability in the Roland Breedveld Album (com_album) component 1.14 for Joomla! allows remote attackers to access arbitrary directories and have unspecified other impact via a .. (dot dot) in the target parameter to index.php.
CVE-2006-6833 1 Joomla 1 Joomla 2026-04-23 N/A
com_categories in Joomla! before 1.0.12 does not validate input, which has unknown impact and remote attack vectors.
CVE-2009-3332 2 Joomla, Sopinet 2 Joomla, Com Jbudgetsmagic 2026-04-23 N/A
SQL injection vulnerability in the JBudgetsMagic (com_jbudgetsmagic) component 0.3.2 through 0.4.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the bid parameter in a mybudget action to index.php.
CVE-2008-3498 2 Joomla, Netshinesoftware 2 Joomla\!, Com Netinvoice 2026-04-23 N/A
SQL injection vulnerability in the nBill (com_netinvoice) component 1.2.0 SP1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in an orders action to index.php. NOTE: some of these details are obtained from third party information.
CVE-2009-3334 2 Joomla, Lhacky 2 Joomla\!, Com Jinc 2026-04-23 N/A
SQL injection vulnerability in the Lhacky! Extensions Cave Joomla! Integrated Newsletters Component (aka JINC or com_jinc) component 0.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a messages action to index.php.
CVE-2006-7008 1 Joomla 1 Joomla 2026-04-23 N/A
Unspecified vulnerability in Joomla! before 1.0.10 has unknown impact and attack vectors, related to "securing mosmsg from misuse." NOTE: it is possible that this issue overlaps CVE-2006-1029.
CVE-2009-3335 2 Joomla, Turtus 2 Joomla\!, Turtushout 2026-04-23 N/A
SQL injection vulnerability in the TurtuShout component 0.11 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Name field.
CVE-2007-6642 1 Joomla 1 Joomla 2026-04-23 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in Joomla! before 1.5 RC4 allow remote attackers to (1) add a Super Admin, (2) upload an extension containing arbitrary PHP code, and (3) modify the configuration as administrators via unspecified vectors.
CVE-2008-5053 1 Joomla 2 Com Rssreader, Joomla 2026-04-23 N/A
PHP remote file inclusion vulnerability in admin.rssreader.php in the Simple RSS Reader (com_rssreader) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
CVE-2006-7009 1 Joomla 1 Joomla 2026-04-23 N/A
Joomla! before 1.0.10 allows remote attackers to spoof the frontend submission forms, which has unknown impact and attack vectors.
CVE-2009-3357 2 Joomla, Joomlahbs 2 Joomla, Com Hbssearch 2026-04-23 N/A
Multiple SQL injection vulnerabilities in the Hotel Booking Reservation System (aka HBS or com_hbssearch) component for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) h_id, (2) id, and (3) rid parameters to longDesc.php, and the h_id parameter to (4) detail.php, (5) detail1.php, (6) detail2.php, (7) detail3.php, (8) detail4.php, (9) detail5.php, (10) detail6.php, (11) detail7.php, and (12) detail8.php, different vectors than CVE-2008-5865, CVE-2008-5874, and CVE-2008-5875.
CVE-2008-0561 3 Arthur Konze Webdesign, Joomla, Mambo 3 Akogallery, Joomla, Mambo 2026-04-23 N/A
SQL injection vulnerability in index.php in the Arthur Konze AkoGallery (com_akogallery) 2.5 beta component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.
CVE-2009-3417 2 Idojoomla, Joomla 2 Com Idoblog, Joomla\! 2026-04-23 N/A
SQL injection vulnerability in the IDoBlog (com_idoblog) component 1.1 build 30 for Joomla! allows remote attackers to execute arbitrary SQL commands via the userid parameter in a profile action to index.php, a different vector than CVE-2008-2627.
CVE-2006-7010 1 Joomla 1 Joomla 2026-04-23 N/A
The mosgetparam implementation in Joomla! before 1.0.10, does not set a variable's data type to integer when the variable's default value is numeric, which has unspecified impact and attack vectors, which may permit SQL injection attacks.
CVE-2009-4059 2 .joomclan, Joomla 2 Com Joomclip, Joomla\! 2026-04-23 N/A
SQL injection vulnerability in the JoomClip (com_joomclip) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a thumbs action to index.php.
CVE-2008-7169 2 Jabode, Joomla 2 Com Jabode, Joomla\! 2026-04-23 N/A
SQL injection vulnerability in Jabode horoscope extension (com_jabode) for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a sign task to index.php.
CVE-2007-0375 1 Joomla 1 Joomla 2026-04-23 N/A
Joomla! 1.5.0 Beta allows remote attackers to obtain sensitive information via a direct request for (1) plugins/user/example.php; (2) gmail.php, (3) example.php, or (4) ldap.php in plugins/authentication/; (5) modules/mod_mainmenu/menu.php; or other unspecified PHP scripts, which reveals the path in various error messages, related to a jimport function call at the beginning of each script.
CVE-2009-3661 2 Blueconstantmedia, Joomla 2 Com Djcatalog, Joomla 2026-04-23 N/A
Multiple SQL injection vulnerabilities in the DJ-Catalog (com_djcatalog) component for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a showItem action and (2) cid parameter in a show action to index.php.