Filtered by vendor Joomla Subscriptions
Total 921 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2009-3332 2 Joomla, Sopinet 2 Joomla, Com Jbudgetsmagic 2024-11-21 N/A
SQL injection vulnerability in the JBudgetsMagic (com_jbudgetsmagic) component 0.3.2 through 0.4.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the bid parameter in a mybudget action to index.php.
CVE-2009-3325 2 Focusdev, Joomla 2 Com Surveymanager, Joomla 2024-11-21 N/A
SQL injection vulnerability in the Focusplus Developments Survey Manager (com_surveymanager) component 1.5.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the stype parameter in an editsurvey action to index.php.
CVE-2009-3318 2 Breedveld, Joomla 2 Com Album, Joomla 2024-11-21 N/A
Directory traversal vulnerability in the Roland Breedveld Album (com_album) component 1.14 for Joomla! allows remote attackers to access arbitrary directories and have unspecified other impact via a .. (dot dot) in the target parameter to index.php.
CVE-2009-3316 2 Jforjoomla, Joomla 2 Com Jreservation, Joomla 2024-11-21 N/A
SQL injection vulnerability in the JReservation (com_jreservation) component 1.0 and 1.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter in a propertycpanel action to index.php.
CVE-2009-3215 2 Joomla, Php-shop-system 2 Joomla, Ixxo Cart 2024-11-21 N/A
SQL injection vulnerability in IXXO Cart Standalone before 3.9.6.1, and the IXXO Cart component for Joomla! 1.0.x, allows remote attackers to execute arbitrary SQL commands via the parent parameter.
CVE-2009-3193 2 Joomla, Uwix 2 Joomla, Com Digifolio 2024-11-21 N/A
SQL injection vulnerability in the DigiFolio (com_digifolio) component 1.52 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a project action to index.php.
CVE-2009-3155 2 Almondsoft, Joomla 2 Com Aclassf, Joomla 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in gmap.php in the Almond Classifieds (com_aclassf) component 7.5 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the addr parameter.
CVE-2009-3154 2 Almondsoft, Joomla 2 Com Aclassf, Joomla 2024-11-21 N/A
SQL injection vulnerability in the Almond Classifieds (com_aclassf) component 7.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the replid parameter in a manw_repl add_form action to index.php, a different vector than CVE-2009-2567.
CVE-2009-3063 2 Indianpulses, Joomla 2 Com Gameserver, Joomla 2024-11-21 N/A
SQL injection vulnerability in the Game Server (com_gameserver) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a gamepanel action to index.php.
CVE-2009-3054 2 Artetics, Joomla 2 Com Artportal, Joomla 2024-11-21 N/A
SQL injection vulnerability in the Artetics.com Art Portal (com_artportal) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the portalid parameter to index.php.
CVE-2009-3053 2 Joomla, Jvitals 2 Joomla, Com Agora 2024-11-21 N/A
Directory traversal vulnerability in the Agora (com_agora) component 3.0.0b for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the action parameter to the avatars page, reachable through index.php.
CVE-2009-2789 2 Joomla, Permis 2 Joomla, Com Groups 2024-11-21 N/A
SQL injection vulnerability in the Permis (com_groups) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a list action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-2782 2 Jfusion, Joomla 2 Com Jfusion, Joomla 2024-11-21 N/A
SQL injection vulnerability in the JFusion (com_jfusion) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.
CVE-2009-2638 2 Joomla, Konze 2 Joomla, Com Akobook 2024-11-21 N/A
SQL injection vulnerability in the AkoBook (com_akobook) component 2.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gbid parameter in a reply action to index.php.
CVE-2009-2637 2 Joomla, Ordasoft 2 Joomla, Com Booklibrary 2024-11-21 N/A
PHP remote file inclusion vulnerability in toolbar_ext.php in the BookLibrary (com_booklibrary) component 1.5.2.4 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2009-2635 2 Joomla, Ordasoft 2 Joomla, Com Realestatemanager 2024-11-21 N/A
PHP remote file inclusion vulnerability in toolbar_ext.php in the RealEstateManager (com_realestatemanager) component 1.0 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2009-2634 2 Joomla, Ordasoft 2 Joomla, Com Medialibrary 2024-11-21 N/A
PHP remote file inclusion vulnerability in toolbar_ext.php in the MediaLibrary (com_media_library) component 1.5.3 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2009-2633 2 Joomla, Ordasoft 2 Joomla, Com Vehiclemanager 2024-11-21 N/A
PHP remote file inclusion vulnerability in toolbar_ext.php in the VehicleManager (com_vehiclemanager) component 1.0 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2009-2609 2 Amotools, Joomla 2 Com Amocourse, Joomla 2024-11-21 N/A
SQL injection vulnerability in the amoCourse (com_amocourse) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action to index.php.
CVE-2009-2607 2 Joomla, Pinme 2 Joomla, Com Pinboard 2024-11-21 N/A
SQL injection vulnerability in the com_pinboard component for Joomla! allows remote attackers to execute arbitrary SQL commands via the task parameter in a showpic action to index.php.