
590 matches found

EUVD
added 2026/06/19 5:35 p.m. | 5 views

EUVD-2019-20194

Joomla! Component vBizz 1.0.7 contains an unrestricted file upload vulnerability that allows authenticated attackers to upload arbitrary PHP files by submitting malicious files through the profilepic parameter. Attackers can upload PHP files via POST requests to the employee view endpoint and...

CVSS 8.8 | AI score 6.4 | EPSS 0.0067
Exploits: 0 | References: 4

Cvelist
added 2026/06/19 5:5 p.m. | 17 views

CVE-2019-25749 Joomla J-CruisePortal 6.0.4 SQL Injection via cruises

Joomla J-CruisePortal 6.0.4 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the guestadult parameter. Attackers can send POST requests to the cruises endpoint with crafted SQL payloads in the guestadu...

CVSS 7.1 | EPSS 0.00221
Exploits: 0 | References: 4

NVD
added 2026/06/19 4:16 p.m. | 11 views

CVE-2017-20262

Joomla! Component Ajax Quiz 1.8 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the cid parameter. Attackers can send GET requests to index.php with the option=com_ajaxquiz and view=ajaxquiz paramete...

CVSS 8.8 | EPSS 0.00334
Exploits: 0 | References: 4

Positive Technologies
added 2026/06/19 12:0 a.m. | 14 views

PT-2026-50952

Name of the Vulnerable Software and Affected Versions: Joomla StreetGuessr Game version 1.1.8. Description: An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. This is achieved by sending GET requests to the 'index.php' endpoint with the parameters option=com...

CVSS 8.8 | AI score 6.1 | EPSS 0.00237
Exploits: 0 | References: 5

Positive Technologies
added 2026/06/19 12:0 a.m. | 13 views

PT-2026-50944

Name of the Vulnerable Software and Affected Versions: Joomla! Component Calendar Planner version 1.0.1. Description: An SQL injection allows unauthenticated attackers to inject SQL commands via the category id parameter. By sending GET requests to the events view containing malicious SQL code in th...

CVSS 8.8 | AI score 6 | EPSS 0.00334
Exploits: 0 | References: 7

Vulnrichment
added 2026/05/26 4:42 p.m. | 8 views

CVE-2026-48901 Joomla! Core - [20260517] - Incorrect Cache Key Construction for InputFilter objects

The InputFilter::getInstance method omitted a security sensitive parameter from the instance cache key...

AI score 5.8 | EPSS 0.00245
Exploits: 0 | References: 1

EUVD
added 2026/05/13 6:30 p.m. | 9 views

EUVD-2020-31227

Joomla J2 JOBS 1.3.0 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'sortby' parameter. Attackers can send POST requests to the administrator index with malicious 'sortby' values to extract...

CVSS 7.1 | AI score 5.9 | EPSS 0.00273
Exploits: 0 | References: 5

RedhatCVE
added 2026/01/09 12:28 p.m. | 4 views

CVE-2023-40630

Unauthenticated LFI/SSRF in JCDashboards component for Joomla...

CVSS 9.8 | AI score 7 | EPSS 0.00706
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 12:16 p.m. | 6 views

CVE-2018-10727

Reflected Cross-Site Scripting (XSS) vulnerability in the fabrik_referrer hidden field in the Fabrikar Fabrik component through v3.8.1 for Joomla! allows remote attackers to inject arbitrary web script via the HTTP Referer header...

CVSS 6.1 | AI score 6 | EPSS 0.01047
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 11:49 a.m. | 9 views

CVE-2009-4784

SQL injection vulnerability in the Joaktree (com_joaktree) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the treeId parameter to index.php...

CVSS 7.5 | AI score 8.8 | EPSS 0.00993
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 11:45 a.m. | 5 views

CVE-2010-0982

Directory traversal vulnerability in the CARTwebERP (com_cartweberp) component 1.56.75 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php...

CVSS 4.3 | AI score 7 | EPSS 0.06238
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 11:43 a.m. | 5 views

CVE-2010-0801

Directory traversal vulnerability in the AutartiTarot (com_autartitarot) component 1.0.3 for Joomla! allows remote authenticated users, with "Public Back-end" group permissions, to read arbitrary files via directory traversal sequences in the controller parameter in an edit task to...

CVSS 3.5 | AI score 6.8 | EPSS 0.01879
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 11:43 a.m. | 6 views

CVE-2010-0692

SQL injection vulnerability in the IP-Tech JQuarks (com_jquarks) Component 0.2.3, and possibly earlier, for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. NOTE: some of these details are obtained from third party information...

CVSS 7.5 | AI score 8.9 | EPSS 0.01063
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 10:18 a.m. | 11 views

CVE-2019-18674

An issue was discovered in Joomla! before 3.9.13. A missing access check in the phputf8 mapping files could lead to a path disclosure...

CVSS 5.3 | AI score 6.7 | EPSS 0.01093
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 9:54 a.m. | 8 views

CVE-2020-10240

An issue was discovered in Joomla! before 3.9.16. Missing length checks in the user table can lead to the creation of users with duplicate usernames and/or email addresses...

CVSS 5.3 | AI score 6.7 | EPSS 0.01205
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 9:54 a.m. | 9 views

CVE-2020-10239

An issue was discovered in Joomla! before 3.9.16. Incorrect Access Control in the SQL fieldtype of com_fields allows access for non-superadmin users...

CVSS 8.8 | AI score 7.5 | EPSS 0.02655
Exploits: 2 | References: 1

RedhatCVE
added 2026/01/09 9:53 a.m. | 5 views

CVE-2020-10242

An issue was discovered in Joomla! before 3.9.16. Inadequate handling of CSS selectors in the Protostar and Beez3 JavaScript allows XSS attacks...

CVSS 6.1 | AI score 6 | EPSS 0.0096
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 9:51 a.m. | 4 views

CVE-2020-10241

An issue was discovered in Joomla! before 3.9.16. Missing token checks in the image actions of com_templates lead to CSRF...

CVSS 8.8 | AI score 6.7 | EPSS 0.00677
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 9:37 a.m. | 6 views

CVE-2006-1047

Unspecified vulnerability in the "Remember Me login functionality" in Joomla! 1.0.7 and earlier has unknown impact and attack vectors...

CVSS 10 | AI score 7 | EPSS 0.01996
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/07 9:26 a.m. | 15 views

CVE-2019-12766

An issue was discovered in Joomla! before 3.9.7. The subform fieldtype does not sufficiently filter or validate input of subfields. This leads to XSS attack vectors...

CVSS 6.1 | AI score 6 | EPSS 0.00922
Exploits: 0 | References: 1