Search Results (631 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2010-4927 2 Joomla, Photoindochina 2 Joomla\!, Com Restaurantguide 2025-04-11 N/A
SQL injection vulnerability in the Restaurant Guide (com_restaurantguide) component 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a country action to index.php.
CVE-2010-4928 2 Joomla, Photoindochina 2 Joomla\!, Com Restaurantguide 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Restaurant Guide (com_restaurantguide) component 1.0.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML by placing it after a > (greater than) character.
CVE-2010-4929 2 Joomla, Joostina-cms 2 Joomla\!, Com Ezautos 2025-04-11 N/A
SQL injection vulnerability in the Joostina (com_ezautos) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the firstCode parameter in a helpers action to index.php.
CVE-2010-4941 2 Joomla, Joomlamo 2 Joomla\!, Com Teams 2025-04-11 N/A
SQL injection vulnerability in the Teams (com_teams) component 1_1028_100809_1711 for Joomla! allows remote attackers to execute arbitrary SQL commands via the PlayerID parameter in a player save action to index.php.
CVE-2010-4944 2 Joomla, Mambo-foundation 3 Com Elite Experts, Joomla\!, Mambo 2025-04-11 N/A
SQL injection vulnerability in the Elite Experts (com_elite_experts) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showExpertProfileDetailed action to index.php.
CVE-2010-4945 1 Joomla 2 Com Camelcitydb2, Joomla\! 2025-04-11 N/A
SQL injection vulnerability in the CamelcityDB (com_camelcitydb2) component 2.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
CVE-2010-4949 2 Evnix, Joomla 3 Freichat, Freichatpure, Joomla\! 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the (1) FreiChat component before 2.1.2 for Joomla! and the (2) FreiChatPure component before 1.2.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML by entering it in an unspecified window.
CVE-2010-5022 2 Harmistechnology, Joomla 2 Com Jesubmit, Joomla\! 2025-04-11 N/A
SQL injection vulnerability in the JExtensions JE Story Submit (com_jesubmit) component 1.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the view parameter to index.php.
CVE-2010-5032 2 Joomla, Tamlyncreative 2 Joomla\!, Com Bfquiztrial 2025-04-11 N/A
SQL injection vulnerability in the BF Quiz (com_bfquiztrial) component before 1.3.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a bfquiztrial action to index.php.
CVE-2010-5053 2 Joomla, Php-shop-system 2 Joomla\!, Com Xobbix 2025-04-11 N/A
SQL injection vulnerability in the XOBBIX (com_xobbix) component 1.0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the prodid parameter in a prod_desc action to index.php.
CVE-2011-5099 2 Chillcreations, Joomla 2 Mod Ccnewsletter, Joomla\! 2025-04-11 N/A
SQL injection vulnerability in helper/popup.php in the ccNewsletter (mod_ccnewsletter) component 1.0.7 through 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2010-5280 2 Joomla, Joomla-cbe 2 Joomla\!, Com Cbe 2025-04-11 N/A
Directory traversal vulnerability in the Community Builder Enhanced (CBE) (com_cbe) component 1.4.8, 1.4.9, and 1.4.10 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tabname parameter in a userProfile action to index.php. NOTE: this can be leveraged to execute arbitrary code by using the file upload feature.
CVE-2010-5286 2 Joobi, Joomla 2 Com Jstore, Joomla\! 2025-04-11 N/A
Directory traversal vulnerability in Jstore (com_jstore) component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
CVE-2011-5148 2 Joomla, Wasen 2 Joomla\!, Mod Simplefileupload 2025-04-11 N/A
Multiple incomplete blacklist vulnerabilities in the Simple File Upload (mod_simplefileuploadv1.3) module before 1.3.5 for Joomla! allow remote attackers to execute arbitrary code by uploading a file with a (1) php5, (2) php6, or (3) double (e.g. .php.jpg) extension, then accessing it via a direct request to the file in images/, as exploited in the wild in January 2012.
CVE-2011-5004 2 Fabrikar, Joomla 2 Com Fabrikar, Joomla\! 2025-04-11 N/A
Unrestricted file upload vulnerability in models/importcsv.php in the Fabrik (com_fabrik) component before 2.1.1 for Joomla! allows remote authenticated users with Manager privileges to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.
CVE-2011-5134 2 Joomla, Widgetfactorylimited 2 Joomla\!, Com Jce 2025-04-11 N/A
Unrestricted file upload vulnerability in editor/extensions/browser/file.php in the JCE component before 2.0.18 for Joomla! allows remote authenticated users with the author privileges to execute arbitrary PHP code by uploading a file with a double extension, as demonstrated by .php.gif. NOTE: some of these details are obtained from third party information.
CVE-2012-0819 1 Joomla 1 Joomla\! 2025-04-11 N/A
Unspecified vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2012-0821.
CVE-2012-0820 1 Joomla 1 Joomla\! 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0822.
CVE-2012-1018 2 Dmackmedia, Joomla 2 Mod Currencyconverter, Joomla\! 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in includes/convert.php in D-Mack Media Currency Converter (mod_currencyconverter) module 1.0.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the from parameter.
CVE-2013-5583 1 Joomla 1 Joomla\! 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in libraries/idna_convert/example.php in Joomla! 3.1.5 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.