Search Results (864 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-4583 1 Joomla 2 Com Dhforum, Joomla\! 2026-04-23 N/A
SQL injection vulnerability in the DhForum (com_dhforum) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a grouplist action to index.php.
CVE-2009-4598 2 Corephp, Joomla 2 Com Jphoto, Joomla 2026-04-23 N/A
SQL injection vulnerability in the JPhoto (com_jphoto) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a category action to index.php.
CVE-2009-4599 2 Joomla, Joomshark 2 Joomla, Com Jsjobs 2026-04-23 N/A
Multiple SQL injection vulnerabilities in the JS Jobs (com_jsjobs) component 1.0.5.6 for Joomla! allow remote attackers to execute arbitrary SQL commands via (1) the md parameter in an employer view_company action to index.php or (2) the oi parameter in an employer view_job action to index.php.
CVE-2009-4619 2 Joomla, Lucygames 2 Joomla\!, Com Lucygames 2026-04-23 N/A
SQL injection vulnerability in the Lucy Games (com_lucygames) component 1.5.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gameid parameter in a game action to index.php. NOTE: some of these details are obtained from third party information.
CVE-2009-4628 2 Joomla, Templateplaza 2 Joomla\!, Com Tpdugg 2026-04-23 N/A
SQL injection vulnerability in the TemplatePlaza.com TPDugg (com_tpdugg) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a tags action to index.php.
CVE-2008-1848 2 Joomla, Joomlacode 2 Joomla, Joomlaexplorer 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the joomlaXplorer (com_joomlaxplorer) Mambo/Joomla! component 1.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter in a show_error action to index.php.
CVE-2009-2239 1 Joomla 4 Com Casiino Blackjack, Com Casino Videopoker, Com Casinobase and 1 more 2026-04-23 N/A
SQL injection vulnerability in the (1) casinobase (com_casinobase), (2) casino_blackjack (com_casino_blackjack), and (3) casino_videopoker (com_casino_videopoker) components 0.3.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.
CVE-2008-4668 1 Joomla 2 Com Imagebrowser, Joomla 2026-04-23 N/A
Directory traversal vulnerability in the Image Browser (com_imagebrowser) 0.1.5 component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder parameter to index.php.
CVE-2008-2564 1 Joomla 2 Com Jotloader, Joomla 2026-04-23 N/A
SQL injection vulnerability in the JotLoader (com_jotloader) component 1.2.1.a and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter to index.php.
CVE-2009-4059 2 .joomclan, Joomla 2 Com Joomclip, Joomla\! 2026-04-23 N/A
SQL injection vulnerability in the JoomClip (com_joomclip) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a thumbs action to index.php.
CVE-2008-2990 2 Joomla, Mambo 3 Com Facileforms, Joomla, Com Facileforms 2026-04-23 N/A
PHP remote file inclusion vulnerability in facileforms.frame.php in the FacileForms (com_facileforms) component 1.4.4 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the ff_compath parameter.
CVE-2008-1849 3 Joomla, Joomlacode, Mambo 3 Joomla, Joomlaexplorer, Mambo 2026-04-23 N/A
Directory traversal vulnerability in index.php in the joomlaXplorer (com_joomlaxplorer) Mambo/Joomla! component 1.6.2 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the dir parameter in a show_error action.
CVE-2008-4104 1 Joomla 1 Joomla 2026-04-23 N/A
Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a "passed in" URL.
CVE-2009-4217 2 Itamar Elharar, Joomla 2 Com Musicgallery, Joomla\! 2026-04-23 N/A
SQL injection vulnerability in the Itamar Elharar MusicGallery (com_musicgallery) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an itempage action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-1258 2 Joomla, Rd-media 2 Joomla, Com Rdautos 2026-04-23 N/A
SQL injection vulnerability in the RD-Autos (com_rdautos) component 1.5.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the makeid parameter in index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-4431 2 Anything-digital, Joomla 2 Com Jcalpro, Joomla\! 2026-04-23 N/A
PHP remote file inclusion vulnerability in cal_popup.php in the Anything Digital Development JCal Pro (aka com_jcalpro or JCP) component 1.5.3.6 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2009-0730 3 Gigcalendar, Joomla, Mambo 3 Com Gigcalendar, Joomla, Mambo 2026-04-23 N/A
Multiple SQL injection vulnerabilities in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla!, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the gigcal _venues_id parameter in a details action to index.php, which is not properly handled by venuedetails.php, and (2) the gigcal_bands_id parameter in a details action to index.php, which is not properly handled by banddetails.php, different vectors than CVE-2009-0726.
CVE-2007-6643 1 Joomla 1 Joomla 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the com_poll component in Joomla! before 1.5 RC4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-6489 2 Huseyin Bora Abaci, Joomla 2 Com Myalbum, Joomla 2026-04-23 N/A
SQL injection vulnerability in MyAlbum component (com_myalbum) 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the album parameter to index.php.
CVE-2006-6834 1 Joomla 1 Joomla 2026-04-23 N/A
Multiple unspecified vulnerabilities in Joomla! before 1.0.12 have unknown impact and attack vectors related to (1) "unneeded legacy functions" and (2) "Several low level security fixes."