Lucene search
K

9816 matches found

NVD
NVD
added 2026/06/19 5:16 p.m.10 views

CVE-2017-20280

Joomla Component Myportfolio 3.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the pid parameter. Attackers can send GET requests to index.php with malicious pid values in the task=project&view=grid...

8.8CVSS0.00237EPSS
Exploits0References2
NVD
NVD
added 2026/06/19 5:16 p.m.13 views

CVE-2017-20275

Joomla! Component PHP-Bridge 1.2.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with option=comphpbridge&view=phpview parameters and...

8.8CVSS0.00232EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/19 5:15 p.m.4 views

EUVD-2019-20188

Joomla! Component J-BusinessDirectory 4.9.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the type parameter. Attackers can send GET requests to index.php with the...

8.8CVSS6.2AI score0.00366EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/19 5:8 p.m.6 views

EUVD-2019-20186

Joomla Component J-MultipleHotelReservation 6.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the hotelid parameter. Attackers can send POST requests to the search-hotels endpoint with crafted S...

8.8CVSS6.3AI score0.00366EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/19 5:5 p.m.4 views

CVE-2019-25749

Joomla J-CruisePortal 6.0.4 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the guestadult parameter. Attackers can send POST requests to the cruises endpoint with crafted SQL payloads in the guestadu...

7.1CVSS6.3AI score0.00221EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/06/19 5:1 p.m.30 views

CVE-2019-25748 Joomla JHotelReservation 6.0.7 SQL Injection via search-hotels

Joomla JHotelReservation 6.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the rooms parameter. Attackers can send POST requests to the search-hotels endpoint with crafted SQL payloads in the...

8.8CVSS0.00296EPSS
Exploits0References4
CVE
CVE
added 2026/06/19 5:1 p.m.16 views

CVE-2019-25748

CVE-2019-25748 affects Joomla JHotelReservation 6.0.7. The issue is an SQL injection in the rooms parameter of the search-hotels endpoint, allowing unauthenticated attackers to send crafted SQL payloads via POST requests to extract sensitive data (e.g., database version details). Documented CVSS:...

8.8CVSS6.3AI score0.00296EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/19 4:54 p.m.6 views

CVE-2017-20281

Joomla! Component Extra Search 2.2.8 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the establename parameter. Attackers can send GET requests to index.php with the option=comextrasearch parameter and...

8.8CVSS6AI score0.00267EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/06/19 4:44 p.m.5 views

EUVD-2017-19005

Joomla Component JoomRecipe 1.0.3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the category parameter. Attackers can send GET requests to the all-recipes endpoint with malicious SQL payloads in the...

8.8CVSS6AI score0.00237EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/19 4:38 p.m.6 views

CVE-2017-20276

Joomla! Component SIMGenealogy 2.1.5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the type parameter. Attackers can send GET requests to index.php with the option=comsimgenealogy, view=latest parameters...

8.8CVSS6AI score0.00237EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/19 4:31 p.m.4 views

EUVD-2017-19001

Joomla LMS King Professional 3.2.4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cpid parameter. Attackers can send GET requests to index.php with the option=comlmsking, view=lmsking,...

8.8CVSS6AI score0.00237EPSS
Exploits0References2
NVD
NVD
added 2026/06/19 4:16 p.m.12 views

CVE-2017-20263

Joomla! Component FocalPoint Pro/Free 1.2.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with option=comfocalpoint, view=location, a...

8.8CVSS0.00334EPSS
Exploits0References4
NVD
NVD
added 2026/06/19 4:16 p.m.11 views

CVE-2017-20255

Joomla! Component JB Visa 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the visatype parameter. Attackers can send GET requests to index.php with the option=combookpro and view=popup parameter...

8.8CVSS0.00334EPSS
Exploits0References4
NVD
NVD
added 2026/06/19 4:16 p.m.13 views

CVE-2017-20261

Joomla! Component Bargain Product VM3 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the productid parameter. Attackers can supply crafted SQL statements in GET requests to the brainy and alice...

8.8CVSS0.00334EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/19 4:14 p.m.5 views

EUVD-2017-18996

Joomla! Component KissGallery 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the component URL path. Attackers can supply malicious SQL code in the kissgallery endpoint to execute arbitrary database queries and extract sensitive...

8.8CVSS6.2AI score0.0027EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/19 3:57 p.m.5 views

EUVD-2017-18991

Joomla! Component Sponsor Wall 8.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wallid parameter. Attackers can send GET requests to index.php with the option=comsponsorwall&task=click&wallid...

7.1CVSS6.2AI score0.00241EPSS
Exploits0References4
CVE
CVE
added 2026/06/19 3:40 p.m.14 views

CVE-2017-20259

CVE-2017-20259 affects Joomla OSDownloads 1.7.4. The vulnerability is an SQL injection in the item view (GET parameter id) that allows unauthenticated attackers to run arbitrary SQL via index.php?option=com_osdownloads&view=item&id=[SQL], enabling extraction of credentials and configuration data....

8.8CVSS6.2AI score0.00334EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/19 3:30 p.m.29 views

CVE-2017-20256 Joomla Survey Force Deluxe 3.2.4 SQL Injection via invite Parameter

Joomla Survey Force Deluxe 3.2.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the invite parameter. Attackers can send GET requests to the component with crafted SQL payloads in the invite...

8.8CVSS0.00334EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/19 3:30 p.m.6 views

EUVD-2017-18983

Joomla Survey Force Deluxe 3.2.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the invite parameter. Attackers can send GET requests to the component with crafted SQL payloads in the invite...

8.8CVSS6.2AI score0.00334EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/19 3:17 p.m.25 views

CVE-2017-20252 Joomla NextGen Editor 2.1.0 SQL Injection via plname Parameter

Joomla NextGen Editor 2.1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL commands through the plname parameter. Attackers can send GET requests to index.php with option=comnge&view=config and inject malicious SQL code in the plname paramet...

8.8CVSS0.00323EPSS
Exploits0References3
Rows per page
Query Builder