457205 matches found
EUVD-2017-18991
Joomla! Component Sponsor Wall 8.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wallid parameter. Attackers can send GET requests to index.php with the option=comsponsorwall&task=click&wallid...
CVE-2017-20264
Joomla! Component Sponsor Wall 8.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wallid parameter. Attackers can send GET requests to index.php with the option=comsponsorwall&task=click&wallid...
CVE-2017-20263 Joomla! FocalPoint Pro Free 1.2.3 SQL Injection via location
Joomla! Component FocalPoint Pro/Free 1.2.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with option=comfocalpoint, view=location, a...
EUVD-2017-18990
Joomla! Component FocalPoint Pro/Free 1.2.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with option=comfocalpoint, view=location, a...
CVE-2017-20263
CVE-2017-20263 affects Joomla! FocalPoint Pro/Free 1.2.3. An SQL injection vulnerability exists in the location view when processing the id parameter, allowing unauthenticated attackers to inject SQL via HTTP GET to index.php with option=com_focalpoint, view=location, and crafted id values to exf...
EUVD-2017-18989
Joomla! Component Ajax Quiz 1.8 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the cid parameter. Attackers can send GET requests to index.php with the option=comajaxquiz and view=ajaxquiz paramete...
CVE-2017-20262
CVE-2017-20262 affects the Joomla! extension Ajax Quiz (version 1.8). The vulnerability is an SQL injection in the cid parameter, exploitable via GET requests to index.php with option=com_ajaxquiz and view=ajaxquiz. An unauthenticated attacker can execute arbitrary SQL and retrieve sensitive data...
CVE-2017-20262 Joomla! Component Ajax Quiz 1.8 SQL Injection
Joomla! Component Ajax Quiz 1.8 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the cid parameter. Attackers can send GET requests to index.php with the option=comajaxquiz and view=ajaxquiz paramete...
EUVD-2017-18988
Joomla! Component Bargain Product VM3 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the productid parameter. Attackers can supply crafted SQL statements in GET requests to the brainy and alice...
CVE-2017-20261 Joomla! Component Bargain Product VM3 1.0 SQL Injection
Joomla! Component Bargain Product VM3 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the productid parameter. Attackers can supply crafted SQL statements in GET requests to the brainy and alice...
CVE-2017-20261
CVE-2017-20261 affects Joomla! Component Bargain Product VM3 1.0. It is an SQL injection vulnerability in the product_id parameter that allows unauthenticated attackers to execute arbitrary SQL queries by injecting code via GET requests to the brainy and alice views, enabling extraction of sensit...
EUVD-2017-18987
Joomla! Component Price Alert 3.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the productid parameter. Attackers can send requests to the subscribeajax view with crafted SQL payloads in the...
CVE-2017-20260
Joomla! Component Price Alert 3.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the productid parameter. Attackers can send requests to the subscribeajax view with crafted SQL payloads in the...
CVE-2017-20260
Joomla! Component Price Alert 3.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the product_id parameter in the subscribeajax view. Attackers can craft SQL payloads to extract sensitive database...
CVE-2017-20260 Joomla! Component Price Alert 3.0.2 SQL Injection
Joomla! Component Price Alert 3.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the productid parameter. Attackers can send requests to the subscribeajax view with crafted SQL payloads in the...
EUVD-2017-18986
Joomla OSDownloads 1.7.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with option=comosdownloads&view=item&id=SQL to extract sensiti...
CVE-2017-20259 Joomla OSDownloads 1.7.4 SQL Injection via item view
Joomla OSDownloads 1.7.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with option=comosdownloads&view=item&id=SQL to extract sensiti...
CVE-2017-20259
CVE-2017-20259 affects Joomla OSDownloads 1.7.4. The vulnerability is an SQL injection in the item view (GET parameter id) that allows unauthenticated attackers to run arbitrary SQL via index.php?option=com_osdownloads&view=item&id=[SQL], enabling extraction of credentials and configuration data....
CVE-2017-20258
CVE-2017-20258 concerns the Joomla! extension RPC Responsive Portfolio 1.6.1 . The vulnerability is an SQL injection in the affected component, exploitable by unauthenticated attackers via a crafted HTTP GET request to index.php with the query string option=com_pofos&view=pofo&id=[SQL]. The under...
CVE-2017-20258 Joomla! Component RPC Responsive Portfolio 1.6.1 SQL Injection
Joomla! Component RPC Responsive Portfolio 1.6.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with option=compofos&view=pofo&id=SQL ...