38473 matches found
CVE-2019-25762
Joomla! Component JoomProject 1.1.3.2 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive user data by exploiting the projects endpoint. Attackers can send requests to index.php with option=comjpprojects&view=projects&tmpl=component&format=js...
CVE-2019-25755
Joomla Component vReview 1.9.11 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the cmId parameter. Attackers can send POST requests to the editReview task endpoint with URL-encoded SQL UNION...
CVE-2019-25751
Joomla Component J-ClassifiedsManager 3.0.5 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through POST parameters. Attackers can submit crafted SQL payloads in the categorySearch, adType, and citySearch...
CVE-2019-25752
Joomla! Component J-BusinessDirectory 4.9.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the type parameter. Attackers can send GET requests to index.php with the...
CVE-2019-25753
Joomla! Component VMap 1.9.6 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the latlngbound parameter. Attackers can send GET requests to index.php with the option=comvmap&task=loadmarker parameters...
EUVD-2023-60592
Joomla combooking component 2.4.9 contains an information disclosure vulnerability that allows unauthenticated attackers to enumerate user accounts by exploiting the getUserData function in the customer controller. Attackers can send GET requests to index.php with option=combooking,...
EUVD-2019-20197
Joomla! Component JoomCRM 1.1.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the dealid parameter. Attackers can send GET requests to index.php with option=comjoomcrm&view=contacts and inject SQL...
CVE-2019-25759
The CVE-2019-25759 entry describes an SQL injection in Joomla! component vbizz 1.0.7 where an authenticated attacker can craft the payid parameter to execute arbitrary SQL via POST to the employee management interface, potentially exposing database version and names. The provided sources confirm ...
CVE-2019-25759 Joomla! Component vBizz 1.0.7 SQL Injection
Joomla! Component vBizz 1.0.7 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the payid parameter. Attackers can submit POST requests to the employee management interface with crafted payid array valu...
EUVD-2019-20195
Joomla! Component vBizz 1.0.7 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the payid parameter. Attackers can submit POST requests to the employee management interface with crafted payid array valu...
CVE-2019-25758
CVE-2019-25758 affects Joomla! component vBizz 1.0.7. The vulnerability is an unrestricted file upload in the profile_pic parameter, enabling authenticated attackers to upload arbitrary PHP files. By submitting malicious files via POST to the employee view endpoint, attackers can place PHP code i...
CVE-2019-25758 Joomla! Component vBizz 1.0.7 Remote Code Execution
Joomla! Component vBizz 1.0.7 contains an unrestricted file upload vulnerability that allows authenticated attackers to upload arbitrary PHP files by submitting malicious files through the profilepic parameter. Attackers can upload PHP files via POST requests to the employee view endpoint and...
CVE-2019-25756
CVE-2019-25756 affects Joomla! Component vAccount 2.0.2. The vulnerability is an SQL injection in the vaccount-dashboard/expense endpoint, where an unauthenticated attacker can inject payloads via the vid parameter to perform arbitrary SQL queries and exfiltrate sensitive data such as database ve...
CVE-2019-25755 Joomla vReview 1.9.11 SQL Injection via editReview
Joomla Component vReview 1.9.11 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the cmId parameter. Attackers can send POST requests to the editReview task endpoint with URL-encoded SQL UNION...
EUVD-2019-20191
Joomla Component vReview 1.9.11 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the cmId parameter. Attackers can send POST requests to the editReview task endpoint with URL-encoded SQL UNION...
EUVD-2019-20190
Joomla Component vRestaurant 1.9.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the keysearch parameter. Attackers can send POST requests to the menu-listing-layout endpoint with crafted SQL...
CVE-2017-20278
Joomla Component JoomRecipe 1.0.3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the category parameter. Attackers can send GET requests to the all-recipes endpoint with malicious SQL payloads in the...
CVE-2017-20269
Joomla! Component KissGallery 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the component URL path. Attackers can supply malicious SQL code in the kissgallery endpoint to execute arbitrary database queries and extract sensitive...
CVE-2019-25752 Joomla! Component J-BusinessDirectory 4.9.7 SQL Injection
Joomla! Component J-BusinessDirectory 4.9.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the type parameter. Attackers can send GET requests to index.php with the...
CVE-2019-25751 Joomla J-ClassifiedsManager 3.0.5 SQL Injection
Joomla Component J-ClassifiedsManager 3.0.5 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through POST parameters. Attackers can submit crafted SQL payloads in the categorySearch, adType, and citySearch...