Lucene search
K
JoomlaMost viewed

747 matches found

Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/10/03 12:0 a.m.•15 views

ZH Yandex Map, 6.1.1.0, SQL Injection

ZH Yandex Map, 6.1.1.0 and previous versions, SQL Injection Resolution: update to 6.2.0.0 Update notice: http://zhuk.cc/2017/10/05/zh-yandexmap-security-update/...

1.7AI score
Exploits0References3
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/09/27 6:23 p.m.•15 views

Keen IT Photo Contest, 1.0.2, SQL Injection

Keen IT Photo Contest, 1.0.2, SQL Injection...

2.2AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/09/15 12:0 a.m.•15 views

Checklist by Joomplace,1.1.0,SQL Injection

Checklist by Joomplace, 1.1.0, SQL Injection Resolution: update to 1.1.1 Update notice: https://www.joomplace.com/blog/checklist-security-update.html...

0.8AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/09/07 12:0 a.m.•15 views

Simgenealogy,2.1.7,SQL Injection

Simgenealogy by Simbunch.com, 2.1.7 and previous, SQL Injection resolution: update to 2.1.8 update notice: https://www.simbunch.com/blog/183-simgenealogy-critical-security-update-2-1-8...

1.6AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/09/04 12:0 a.m.•15 views

Akeeba Backup, 5.5.1, various issues

Akeeba Backup, versions 5.5.1 and previous, various issues see developer's site for details Resolution: update to 5.5.2 Update notice: https://www.akeebabackup.com/component/ars/?view=Itemsid=2732...

7AI score
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/08/29 12:0 a.m.•15 views

LMS King Lite, SQL Injection

LMS King Lite and LMS King Professional by king-products.net, versions up to 3.2.3.19 lite and 3.2.3.47 pro, SQL Injection resolution: update to version 3.2.3.20 lite and 3.2.3.48 pro update notice url: https://www.king-products.net/lms-king.html...

1.4AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/08/21 10:33 a.m.•15 views

Appointment, v1.1 ,SQL Injection

Appointment by Harmis Technology joomlaextensions.co.in, v1.1, SQL Injection...

1.3AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/06/24 10:51 p.m.•15 views

JoomRecipe,1.0.3,SQL Injection

JoomRecipe ,1.0.3,SQL Injection UpdateNotice URL https://www.joomboost.com/blog-updates/entry/joomrecipe-version-1-0-4-security-announcement.html changelog Changelog Url https://www.joomboost.com/components-changelogs/60-joomrecipe-changelog.html...

7.1AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/03/05 12:0 a.m.•15 views

guesser, 1.0.4

guesser by bitsgeo.com, 1.0.4, SQL Injection...

2.1AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2016/12/04 12:0 a.m.•15 views

[20161204] - Misc. Security Hardening

Joomla! 3.6.5 includes additional security hardening mechanisms prepared by the JSST, thanks in part to issue reports from Fotis Evangelou and Nicholas Dionysopoulos, which restricts a user's ability to make potentially damaging configuration changes. This includes restricting the ability to set...

5.8AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2016/08/13 12:0 a.m.•15 views

Huge IT Catalog,1.0.6,SQL Injection

Huge IT Catalog,1.0.6 and previous versions ,SQL Injection and XSS vulnerability Resolution: update to 1.0.8 Update notice: https://huge-it.com/joomla-extensions-security-notice/...

2AI score
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2016/04/24 12:0 a.m.•15 views

gmapfp,3.39f,XSS (Cross Site Scripting)

gmapfp,3.39f and previos,XSS Cross Site Scripting Info disclosure, arbitrary fileupload resolution: update to J3.41F update notice:http://gmapfp.org/en/news-of-gmapfp/39-strengthening-of-the-security-component...

0.4AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2016/02/29 12:0 a.m.•15 views

Spider random articles before 1.5.3

Spider random articles versions before 1.5.3 Resolution: update to 1.5.3 Update notice: https://web-dorado.com/products/joomla-random.html...

1.8AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2016/02/29 12:0 a.m.•15 views

Form Maker before 3.6.0

Web Dorado Form Maker versions before 3.6.0 XSS Resolution: update to 3.6.0 Update notice: https://web-dorado.com/products/joomla-form.html...

1AI score
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2014/12/09 5:7 p.m.•15 views

HDFLVPlayer 2.2 + previous

Joomla HDFLVPlayer plugin versions 2.2 and previous SQL Injection Version 2.3 Fixed SQL injection in download.php file.https://www.apptha.com/category/extension/Joomla/HD-FLV-Player Version 2.2 Resolved cross domain issue in download.php & email.php files...

8.1AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2013/04/29 8:3 p.m.•15 views

civic crm 422

upload exploit /RFI 260413 developer http://civicrm.org/category/civicrm-blog-categories/civicrm-v43 release 4.3.1 Authors:...

7.2AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2011/10/28 12:0 a.m.•15 views

[20111103] - Core - Password Change

Weak random number generation during password reset leads to possibility of changing a user's password...

7AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2011/07/11 12:0 a.m.•15 views

[20110701] - XSS Vulnerability

Inadequate escaping leads to XSS vulnerability...

6.3AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2026/04/21 12:0 a.m.•14 views

[20260519] - Framework - Inadequate content filtering within the checkAttribute filter code

Inadequate content filtering within the checkAttribute methods leads to XSS vulnerabilities in various components...

6.9CVSS5.8AI score0.00144EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2026/04/15 12:0 a.m.•14 views

[20260513] - Core - Privilege escalation through com_users batch task

An improper access check allows privlege escalation through the comusers batch task...

9.8CVSS5.8AI score0.00268EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2026/04/01 12:0 a.m.•14 views

[20260512] - Core - MFA Authentication Bypass

Incorrectly resetted session states to a vector that allows to bypass 2FA checks...

8.2CVSS5.8AI score0.00211EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2025/08/16 10:38 p.m.•14 views

JS Jobs extension (v1.4.2)

JS Jobs extension v1.4.2 sqli...

7.2AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2022/09/29 12:0 a.m.•14 views

EDocman, 1.23.3, XSS (Cross Site Scripting)

developer update https://joomdonation.com/forum/edocman/75400-01st-august-2023-new-version-1-24-7-xss-issue-fixed.html...

7.2AI score
Exploits0References2
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/08/14 7:28 p.m.•14 views

kunena, 5.0.x - 5.1.14 ,XSS (Cross Site Scripting)

kunena, 5.0.x - 5.1.14 ,XSS Cross Site Scripting Developer statement https://www.kunena.org/blog/207-kunena-5-1-14-released...

7.2AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/03/17 4:57 p.m.•14 views

Jevents 3.4.49 Various

Jevents 3.4.49 Various UpdateNotice URL https://www.jevents.net/blog/jevents-3-4-50-released-all-users-should-upgrade...

0.4AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/12/22 12:0 a.m.•14 views

Next Gen Editor,2.1.0,SQL Injection

Next Gen Editor, 2.1.0, SQL Injection and multiple other vulnerabilities resolution: update to version 2.2.0 update notice: http://nextgeneditor.com/index.php/en/support/forum/installation-issues/3957-new-security-release...

1.7AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/09/29 12:0 a.m.•14 views

Price Alert for Virtuemart,3.0.4,SQL Injection

Price Alert for Virtuemart by WebOrange, 3.0.4 and all previous, SQL Injection...

3.3AI score
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/09/01 12:0 a.m.•14 views

Event Registration Pro,4.1.3,SQL Injection

Event Registration Pro, 4.1.3 and previous, SQL Injection Resolution: update to version 4.1.4 Update notice: https://www.joomlashowroom.com/blog/event-registration-pro-4-1-4-security-release...

2.7AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/03/15 10:48 a.m.•14 views

J-CruiseReservation,3.0,SQL Injection

J-CruiseReservation by CMS Junkie, 3.0, SQL Injection...

2.3AI score
Exploits0References1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/03/09 12:0 a.m.•14 views

Vehicle Manager,3.9.4,SQL Injection

Vehicle Manager by Ordasoft,3.9.4, SQL Injection Resolution: update to 3.9.5 Update Notice URL http://ordasoft.com/News/News/vehicle-manager-security-update.html...

0.7AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/03/08 12:0 a.m.•14 views

MediaLibrary,3.5.4, SQL Injection

MediaLibrary by Ordasoft, 3.5.4, SQL Injection Resolution: update to 3.5.5 Update notice: http://ordasoft.com/News/News/media-library-security-update.html...

1.3AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2015/12/25 10:20 a.m.•14 views

Eshop, versions before 1.4.4

Joomdonation extensions, Information Disclosure Eshop versions before 1.4.4 Resolution: update to 1.4.4 Update notice URL: http://joomdonation.com/forum/released-versions/50510-eshop-1-4-4-was-released-at-december-25-2015.html73480...

0.6AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2015/12/25 10:20 a.m.•14 views

Memberhsip Pro, versions before 2.1.1

Joomdonation extensions, Information Disclosure Memberhsip Pro versions before 2.1.1 Resolution: update to 2.1.1 Update notice URL: http://joomdonation.com/forum/membership-pro/50512-membership-pro-version-2-1-1-released.html...

0.9AI score
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2015/12/25 10:20 a.m.•14 views

Joom Donation, versions before 4.1, Information Disclosure

Joomdonation extensions, Information Disclosure Joom Donation versions before 4.1 Resolution: update to 4.1 Update notice URL: http://joomdonation.com/forum/joom-donation/50513-joom-donation-version-4-1-released.html...

0.1AI score
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2015/04/14 12:0 a.m.•14 views

Spider Form Maker by Web-Dorado [com_formmaker],3.4 and lower

Spider Form Maker by Web-Dorado comformmaker,3.4 and lower,SQL Injection Developer statement This vulnerability was fixed in version 3.4.1 and above. The version 3.4.1 was released on 2014-09-10...

4.4AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2014/03/07 6:22 p.m.•14 views

Codels codehighlighter 1.4

Codels plgcontentcodehighlighter version 1.4 and previous. XSS Cross Site Scripting...

2AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2013/09/26 3:41 a.m.•14 views

My Blog, 2.0.1 Build 286,

My Blog, 2.0.1 Build 286, SQL Injection...

1.9AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2013/06/01 9:29 p.m.•14 views

Master Password,

Master Password, 1.5 and any previous, Information Disclosure This extension appears to have been abandoned by the developer...

2.8AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2008/10/03 12:0 a.m.•14 views

[20081101] - Core - com_content XSS vulnerability

The defaults on comcontent article submission allow entry of dangerous HTML tags script, etc. This only affects users with access level Author or higher, and only if you have not set filtering options in comcontent configuration...

6.8AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2026/04/01 12:0 a.m.•13 views

[20260511] - Core - MFA Authentication Bypass

Insufficient state checks lead to a vector that allows to bypass 2FA checks...

8.2CVSS5.8AI score0.00297EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2026/03/11 12:0 a.m.•13 views

[20260303] - Core - XSS vector in com_associations comparison view

Lack of output escaping leads to a XSS vector in the multilingual associations component...

8.4CVSS5.8AI score0.00216EPSS
Exploits1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2026/02/24 12:0 a.m.•13 views

EasyDiscuss by Stackideas,, , SQL Injection

EasyDiscuss by Stackideas,, , SQL Injection...

5.9AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2025/10/19 4:42 p.m.•13 views

Phoca commander

Name: Phoca Company: - Email: [email protected] Extension: Phoca Commander Version: Old 4.0.0, 5.0.1 / New 4.0.2, 5.0.3 Update details: No access for unzip feature as default Update URL: https://github.com/PhocaCz/PhocaCommander/releases/tag/5.0.2 Changelog URL: Download URL:...

7AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2025/09/29 12:0 a.m.•13 views

[20260102] - Core - XSS vectors in the pagebreak and pagenavigation plugins

Lack of output escaping leads to a XSS vector in the pagebreak and pagenavigation plugins...

8.4CVSS5.8AI score0.00175EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2024/08/29 12:0 a.m.•13 views

[20250101] - Core - XSS vectors in module chromes

Various module chromes didn't properly process inputs, leading to XSS vectors...

6.1CVSS5.9AI score0.00242EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/06/14 9:30 a.m.•13 views

Community Builder, 2.4.2

Community Builder, 2.4.1 and previous, resolution: update to 2.4.2 update notice: https://www.joomlapolis.com/news/18843-community-builder-2-4-2-security-maintenance-and-features-release...

7.1AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/06/05 12:0 a.m.•13 views

Vik Rent Car 1.10 and previous

Vik Rent Car 1.10 and previous, SQL injection Resolution: update to 1.11 Update notice: https://extensionsforjoomla.com/blog/12-updates/46-security-notices-sql-injection-reports...

1AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/03/16 12:2 p.m.•13 views

J-Hotel Portal,6.0.2,SQL Injection

J-Hotel Portal by cmsjunkie.com, 6.0.2, SQL Injection...

1.9AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/03/09 10:45 p.m.•13 views

Magic Deals Web by Jason Web Design,1.2.0,SQL Injection

Magic Deals Web by Jason Web Design, 1.2.0, SQL Injection...

1.7AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/01/11 12:0 a.m.•13 views

RSMonials,2.2 and previous,XSS (Cross Site Scripting)

RSMonials, 2.2 and previous versions, XSS Cross Site Scripting also insecure file upload...

2.3AI score
Exploits0References1Affected Software1
Total number of security vulnerabilities747