Filtered by vendor: Joomla
Filtered by product: Joomla!
Total: 589 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-23127 | 1 Joomla | 1 Joomla\! | 2024-09-16 | 9.1 Critical |
An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of an insufficient length for the 2FA secret according to RFC 4226 of 10 bytes vs 20 bytes. | ||||
CVE-2020-35615 | 1 Joomla | 1 Joomla\! | 2024-09-16 | 6.3 Medium |
An issue was discovered in Joomla! 2.5.0 through 3.9.22. A missing token check in the emailexport feature of com_privacy causes a CSRF vulnerability. | ||||
CVE-2011-2488 | 1 Joomla | 1 Joomla\! | 2024-09-16 | N/A |
Joomla! before 1.5.23 does not properly check for errors, which allows remote attackers to obtain sensitive information via unspecified vectors. | ||||
CVE-2010-4166 | 1 Joomla | 1 Joomla\! | 2024-09-16 | N/A |
Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 allow remote attackers to execute arbitrary SQL commands via (1) the filter_order parameter in a com_weblinks category action to index.php, (2) the filter_order_Dir parameter in a com_weblinks category action to index.php, or (3) the filter_order_Dir parameter in a com_messages action to administrator/index.php. | ||||
CVE-2010-3422 | 2 Joomla, Solventus | 2 Joomla\!, Com Jgen | 2024-09-16 | N/A |
SQL injection vulnerability in the JGen (com_jgen) component 0.9.33 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php. | ||||
CVE-2020-35612 | 1 Joomla | 1 Joomla\! | 2024-09-16 | 7.5 High |
An issue was discovered in Joomla! 2.5.0 through 3.9.22. The folder parameter of mod_random_image lacked input validation, leading to a path traversal vulnerability. | ||||
CVE-2010-4938 | 1 Joomla | 2 Com Weblinks, Joomla\! | 2024-09-16 | N/A |
SQL injection vulnerability in the Weblinks (com_weblinks) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a categories action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
CVE-2010-4904 | 2 Joomla, Simon Philips | 2 Joomla\!, Com Aardvertiser | 2024-09-16 | N/A |
SQL injection vulnerability in the Aardvertiser (com_aardvertiser) component 2.1 and 2.1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat_name parameter in a view action to index.php. NOTE: some of these details are obtained from third party information. | ||||
CVE-2012-1599 | 1 Joomla | 1 Joomla\! | 2024-09-16 | N/A |
Joomla! 1.5.x before 1.5.26 does not properly check permissions, which allows attackers to obtain sensitive "administrative back end information" via unknown vectors. NOTE: this might be a duplicate of CVE-2012-1611. | ||||
CVE-2022-27911 | 1 Joomla | 1 Joomla\! | 2024-09-16 | 5.3 Medium |
An issue was discovered in Joomla! 4.2.0. Multiple Full Path Disclosures because of missing '_JEXEC or die check' caused by the PSR12 changes. | ||||
CVE-2020-35614 | 1 Joomla | 1 Joomla\! | 2024-09-16 | 5.3 Medium |
An issue was discovered in Joomla! 3.9.0 through 3.9.22. Improper handling of the username leads to a user enumeration attack vector in the backend login page. | ||||
CVE-2010-2681 | 1 Joomla | 2 Com Sef, Joomla\! | 2024-09-16 | N/A |
PHP remote file inclusion vulnerability in the SEF404x (com_sef) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig.absolute.path parameter to index.php. | ||||
CVE-2022-27912 | 1 Joomla | 1 Joomla\! | 2024-09-16 | 5.3 Medium |
An issue was discovered in Joomla! 4.0.0 through 4.2.3. Sites with publicly enabled debug mode exposed data of previous requests. | ||||
CVE-2009-4233 | 2 Joomla, Youjoomla | 2 Joomla\!, Yj Whois | 2024-09-16 | N/A |
Cross-site scripting (XSS) vulnerability in modules/mod_yj_whois.php in the YJ Whois component 1.0x and 1.5.x for Joomla! allows remote attackers to inject arbitrary web script or HTML via the domain parameter to index.php. NOTE: some of these details are obtained from third party information. | ||||
CVE-2021-23129 | 1 Joomla | 1 Joomla\! | 2024-09-16 | 6.1 Medium |
An issue was discovered in Joomla! 2.5.0 through 3.9.24. Missing filtering of messages shown to users could lead to XSS issues. | ||||
CVE-2022-23798 | 1 Joomla | 1 Joomla\! | 2024-09-16 | 6.1 Medium |
An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0. Inadequate validation of URLs could result in an invalid check of whether a redirect URL is internal or not. | ||||
CVE-2022-27914 | 1 Joomla | 1 Joomla\! | 2024-09-16 | 6.1 Medium |
An issue was discovered in Joomla! 4.0.0 through 4.2.4. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in com_media. | ||||
CVE-2010-1480 | 2 Joomla, Rockettheme | 2 Joomla\!, Com Rokmodule | 2024-09-16 | N/A |
SQL injection vulnerability in the RokModule (com_rokmodule) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the module parameter to index.php. NOTE: some of these details are obtained from third party information. | ||||
CVE-2014-7982 | 1 Joomla | 1 Joomla\! | 2024-09-16 | N/A |
Cross-site scripting (XSS) vulnerability in Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2011-4909 | 1 Joomla | 1 Joomla\! | 2024-09-16 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.5.12 allow remote attackers to inject arbitrary web script or HTML via the HTTP_REFERER header to (1) components/com_content/views/article/tmpl/form.php, (2) components/com_user/controller.php, (3) plugins/system/legacy/html.php, or (4) templates/beez/html/com_content/article/form.php. |