7 matches found
PT-2025-30567 · Komento +1 · Komento +1
Name of the Vulnerable Software and Affected Versions: Komento versions 4.0.0 through 4.0.7
Description: A SQL injection flaw exists in the Komento component for Joomla. This issue permits unprivileged users to execute arbitrary SQL commands.
Recommendations: Update Komento to a version newer tha...
BIT-JOOMLA-2024-40749 [20250103] - Core - Read ACL violation in multiple core views
Improper Access Controls allows access to protected views...
BIT-JOOMLA-2022-23793 [20220301] - Core - Zip Slip within the Tar extractor
An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Extracting a specifically crafted tar package could write files outside of the intended path...
BIT-JOOMLA-2020-11889
An issue was discovered in Joomla! before 3.9.17. Incorrect ACL checks in the access level section of com_users allow the unauthorized deletion of usergroups...
CVE-2025-22206
A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.2 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the 'fieldfor' parameter in the GDPR Field feature...
PT-2024-19021 · Joomla · Dp Calendar
Name of the Vulnerable Software and Affected Versions: DP Calendar component for Joomla, affected versions not specified
Description: The issue is related to an XSS vulnerability in the DP Calendar component for Joomla. There is no information provided about the estimated number of potentially...
Joomla! allows attackers to access cached pages
The file caching implementation in Joomla! before 1.5.4 allows attackers to access cached pages via unknown attack vectors...