21 matches found
EUVD-2012-4459
Malware in sbrugna...
EUVD-2010-4890
Malware in sbrugna...
EUVD-2006-3476
Malware in sbrugna...
EUVD-2025-16992
Malicious code in bioql PyPI...
EUVD-2025-21869
Malicious code in bioql PyPI...
Joomla! 4.x < 4.4.14 Multiple Vulnerabilities
According to its self-reported version, the instance of Joomla! running on the remote web server is 4.x prior to 4.4.14 or 5.x prior to 5.3.4. It is, therefore, affected by multiple vulnerabilities. - Inadequate content filtering within the checkAttribute methods leads to XSS vulnerabilities in...
CVE-2025-54298
A stored XSS vulnerability in CommentBox component 1.0.0-1.1.0 for Joomla was discovered...
CVE-2025-54294
CVE-2025-54294 describes a SQL injection vulnerability in the StackIdeas Komento component for Joomla, affecting versions 4.0.0–4.0.7. The issue allows unprivileged users to execute arbitrary SQL commands. The cited sources consistently tie the flaw to a SQL injection in Komento’s Joomla integrat...
CVE-2025-50058
A stored XSS vulnerability in the RSDirectory! component 1.0.0-2.2.8 for Joomla was discovered. The issue allows remote authenticated attackers to inject arbitrary web script or HTML via the review reply component...
CVE-2025-27753 Extension - rsjoomla.com - A SQLi vulnerability in RSMediaGallery component 1.7.4 - 2.1.6 for Joomla
A SQLi vulnerability in RSMediaGallery component 1.7.4 - 2.1.6 for Joomla was discovered. The vulnerability is due to the use of unescaped user-supplied parameters in SQL queries within the dashboard component. This allows an authenticated attacker to inject malicious SQL code through unsanitized...
CVE-2011-2509
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.6.4 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the com_contact component, as demonstrated by the Itemid parameter to index.php; (2) the query string to the com_content component, as...
CVE-2025-22211 Extension - webdesigner-profi.de - SQL injection in JoomShopping component version 1.0.0 - 5.5.5 for Joomla
A SQL injection vulnerability in the JoomShopping component versions 1.0.0-1.4.3 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands in the country management area in backend...
CVE-2025-22210
A SQL injection vulnerability in the Hikashop component versions 3.3.0-5.1.4 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands in the category management area in backend...
CVE-2025-22210 Extension - hikashop.com - SQL injection in Hikashop component version 3.3.0 - 5.1.4 for Joomla
A SQL injection vulnerability in the Hikashop component versions 3.3.0-5.1.4 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands in the category management area in backend...
CVE-2023-23750 [20230101] - Core - CSRF within post-installation messages
An issue was discovered in Joomla! 4.0.0 through 4.2.6. A missing token check causes a CSRF vulnerability in the handling of post-installation messages...
Juumla - Tool Designed To Identify And Scan For Version, Config Files In The CMS Joomla!
Juumla is a Python tool developed to identify the current Joomla version and scan for readable Joomla config files. Installing / Getting started: A quick guide of how to install and use Juumla. 1. Clone the repository - git clone https://github.com/oppsec/juumla.git 2. Install the libraries - pip3...
Joomla! 1.7.x < 3.9.23 Multiple Vulnerabilities
According to its self-reported version, the instance of Joomla! running on the remote web server is 1.7.x prior to 3.9.23. It is, therefore, affected by multiple vulnerabilities. - The autosuggestion feature of com_finder did not respect the access level of the corresponding terms. - The global...
Creative Contact Form extension path traversal vulnerability
Creative Contact Form is a responsive jQuery contact form for Joomla! A path traversal vulnerability exists in the helpers/mailer.php file in the Creative Contact Form extension version 4.6.2 for Joomla! prior to 2019-12-03. The vulnerability stems from a failure of a networked system or product ...
Joomla! 1.7.x < 3.8.2 Multiple Vulnerabilities
According to its self-reported version number, the detected Joomla! application is affected by an authentication bypass and multiple information disclosure vulnerabilities. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version...