Filtered by vendor Joomla Subscriptions
Filtered by product Joomla\! Subscriptions
Total 589 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2011-4829 2 Barter-sites, Joomla 2 Com Listing, Joomla\! 2024-09-17 N/A
SQL injection vulnerability in the com_listing component in Barter Sites component 1.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter to index.php.
CVE-2021-26031 1 Joomla 1 Joomla\! 2024-09-17 5.3 Medium
An issue was discovered in Joomla! 3.0.0 through 3.9.25. Inadequate filters on module layout settings could lead to an LFI.
CVE-2010-1559 2 Joomla, Martin Hess 2 Joomla\!, Com Sermonspeaker 2024-09-17 N/A
SQL injection vulnerability in the SermonSpeaker (com_sermonspeaker) component before 3.2.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a speakerpopup action to index.php. NOTE: some of these details are obtained from third party information.
CVE-2013-3056 1 Joomla 1 Joomla\! 2024-09-17 N/A
Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote authenticated users to bypass intended privilege requirements and delete the private messages of arbitrary users via unspecified vectors.
CVE-2010-2033 2 Joomla, Percha 2 Joomla\!, Com Perchacategoriestree 2024-09-17 N/A
Directory traversal vulnerability in the Percha Multicategory Article (com_perchacategoriestree) component 0.6 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
CVE-2021-26027 1 Joomla 1 Joomla\! 2024-09-17 5.3 Medium
An issue was discovered in Joomla! 3.0.0 through 3.9.24. Incorrect ACL checks could allow unauthorized change of the category for an article.
CVE-2021-23131 1 Joomla 1 Joomla\! 2024-09-17 7.5 High
An issue was discovered in Joomla! 3.2.0 through 3.9.24. Missing input validation within the template manager.
CVE-2012-0835 1 Joomla 1 Joomla\! 2024-09-17 N/A
Unspecified vulnerability in Joomla! 1.7.x before 1.7.5 and 2.5.x before 2.5.1 allows attackers to obtain sensitive information via unknown vectors related to "administrator."
CVE-2014-7983 1 Joomla 1 Joomla\! 2024-09-17 N/A
Cross-site scripting (XSS) vulnerability in com_contact in Joomla! CMS 3.1.2 through 3.2.x before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-1950 2 Emultisoft, Joomla 2 Com Jnewspaper, Joomla\! 2024-09-17 N/A
SQL injection vulnerability in the Online News Paper Manager (com_jnewspaper) component 1.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the date_info parameter to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2010-2036 2 Joomla, Percha 2 Joomla\!, Com Perchafieldsattach 2024-09-17 N/A
Directory traversal vulnerability in the Percha Fields Attach (com_perchafieldsattach) component 1.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
CVE-2010-4618 2 Algisinfo, Joomla 2 Aicontactsafe, Joomla\! 2024-09-17 N/A
Cross-site scripting (XSS) vulnerability in the Algis Info aiContactSafe component before 2.0.14 for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-4785 2 Bhavesh Chauhan, Joomla 2 Com Quicknews, Joomla\! 2024-09-17 N/A
SQL injection vulnerability in the Quick News (com_quicknews) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a view_item action to index.php.
CVE-2009-4232 2 Jonijnm, Joomla 2 Com Kide, Joomla\! 2024-09-16 N/A
The Kide Shoutbox (com_kide) component 0.4.6 for Joomla! does not properly perform authentication, which allows remote attackers to post messages with an arbitrary account name via an insertar action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2010-2515 2 Dacian Strain, Joomla 2 Com Jfaq, Joomla\! 2024-09-16 N/A
Multiple SQL injection vulnerabilities in index.php in the JFaq (com_jfaq) component 1.2 for Joomla!, when magic_quotes_gpc is disabled, allow (1) remote attackers to execute arbitrary SQL commands via the id parameter, and (2) remote authenticated users with "Public Front-end" permissions to execute arbitrary SQL commands via the titlu parameter (title field). NOTE: some of these details are obtained from third party information.
CVE-2009-3491 2 Joomla, Kinfusion 2 Joomla\!, Com Sportfusion 2024-09-16 N/A
SQL injection vulnerability in the Kinfusion SportFusion (com_sportfusion) component 0.2.2 through 0.2.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid[0] parameter in a teamdetail action to index.php.
CVE-2010-0635 2 Jevents, Joomla 2 Jevents Search Plugin, Joomla\! 2024-09-16 N/A
SQL injection vulnerability in the plgSearchEventsearch::onSearch method in eventsearch.php in the JEvents Search plugin 1.5 through 1.5.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some of these details are obtained from third party information.
CVE-2009-3817 2 Joomla, Ordasoft 2 Joomla\!, Com Booklibrary 2024-09-16 N/A
PHP remote file inclusion vulnerability in doc/releasenote.php in the BookLibrary (com_booklibrary) component 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter, a different vector than CVE-2009-2637. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2011-4911 1 Joomla 1 Joomla\! 2024-09-16 N/A
Joomla! before 1.5.12 does not perform a JEXEC check in unspecified files, which allows remote attackers to obtain the installation path via unspecified vectors.
CVE-2010-4718 2 Joomla, Lyften 2 Joomla\!, Com Lyftenbloggie 2024-09-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Lyftenbloggie (com_lyftenbloggie) component 1.1.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) tag and (2) category parameters to index.php.