Search Results (991 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-4789 2 Joomla, Mojoblog 2 Joomla, Mojoblog 2025-04-11 N/A
Multiple PHP remote file inclusion vulnerabilities in the MojoBlog component RC 0.15 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) wp-comments-post.php and (2) wp-trackback.php.
CVE-2009-4785 2 Bhavesh Chauhan, Joomla 2 Com Quicknews, Joomla\! 2025-04-11 N/A
SQL injection vulnerability in the Quick News (com_quicknews) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a view_item action to index.php.
CVE-2009-4784 2 Joaktree, Joomla 2 Com Joaktree, Joomla\! 2025-04-11 N/A
SQL injection vulnerability in the Joaktree (com_joaktree) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the treeId parameter to index.php.
CVE-2009-4679 2 Inertialfate, Joomla 2 Com If Nexus, Joomla\! 2025-04-11 N/A
Directory traversal vulnerability in the inertialFATE iF Portfolio Nexus (com_if_nexus) component 1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
CVE-2009-4651 2 Joomla, Onnogroen 2 Joomla\!, Com Webeecomment 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Webee Comments (com_webeecomment) component 1.1.1, 1.2, and 2.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) color, (2) img, or (3) url BBCode tags in unspecified vectors.
CVE-2009-4650 2 Joomla, Onnogroen 2 Joomla\!, Com Webeecomment 2025-04-11 N/A
SQL injection vulnerability in the Webee Comments (com_webeecomment) component 1.1.1, 1.2, and 2.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the articleId parameter in a default action to index2.php. NOTE: some of these details are obtained from third party information.
CVE-2008-7302 2 Joomla, Netshinesoftware 2 Joomla\!, Com Netinvoice 2025-04-11 N/A
SQL injection vulnerability in netinvoice.php in the nBill (com_netinvoice) component 1.2.0 SP1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving "knowledge of ... the contents of an encrypted file."
CVE-2006-7247 2 Joomla, Mambo-foundation 3 Com Weblinks, Joomla\!, Mambo 2025-04-11 N/A
SQL injection vulnerability in the Weblinks (com_weblinks) component for Joomla! and Mambo 1.0.9 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter.
CVE-2023-23750 1 Joomla 1 Joomla\! 2025-03-29 6.3 Medium
An issue was discovered in Joomla! 4.0.0 through 4.2.6. A missing token check causes a CSRF vulnerability in the handling of post-installation messages.
CVE-2024-21724 1 Joomla 1 Joomla\! 2025-03-29 6.1 Medium
Inadequate input validation for media selection fields lead to XSS vulnerabilities in various extensions.
CVE-2023-23751 1 Joomla 1 Joomla\! 2025-03-29 4.3 Medium
An issue was discovered in Joomla! 4.0.0 through 4.2.4. A missing ACL check allows non super-admin users to access com_actionlogs.
CVE-2024-26279 1 Joomla 1 Joomla\! 2025-03-26 6.1 Medium
The wrapper extensions do not correctly validate inputs, leading to XSS vectors.
CVE-2024-21729 1 Joomla 1 Joomla\! 2025-03-26 6.1 Medium
Inadequate input validation leads to XSS vulnerabilities in the accessiblemedia field.
CVE-2024-21730 1 Joomla 1 Joomla\! 2025-03-20 5.4 Medium
The fancyselect list field layout does not correctly escape inputs, leading to a self-XSS vector.
CVE-2024-26278 1 Joomla 1 Joomla\! 2025-03-14 4.6 Medium
The Custom Fields component not correctly filter inputs, leading to a XSS vector.
CVE-2024-21731 1 Joomla 1 Joomla\! 2025-03-14 6.1 Medium
Improper handling of input could lead to an XSS vector in the StringHelper::truncate method.
CVE-2023-23754 1 Joomla 1 Joomla\! 2025-01-10 6.1 Medium
An issue was discovered in Joomla! 4.2.0 through 4.3.1. Lack of input validation caused an open redirect and XSS issue within the new mfa selection screen.
CVE-2023-23755 1 Joomla 1 Joomla\! 2025-01-10 7.5 High
An issue was discovered in Joomla! 4.2.0 through 4.3.1. The lack of rate limiting allowed brute force attacks against MFA methods.
CVE-2023-40626 1 Joomla 1 Joomla\! 2024-12-04 7.5 High
The language file parsing process could be manipulated to expose environment variables. Environment variables might contain sensible information.
CVE-2022-27914 1 Joomla 1 Joomla\! 2024-11-26 6.1 Medium
An issue was discovered in Joomla! 4.0.0 through 4.2.4. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in com_media.