Lucene search
K
JoomlaMost viewed

725 matches found

Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2020/02/07 12:0 a.m.47 views

[20200304] - Core - Identifier collisions in com_users

Missing length checks in the user table can lead to the creation of users with duplicate usernames and/or email addresses...

5.3CVSS3AI score0.01205EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2017/03/07 12:0 a.m.47 views

Street Guesser,1.1.7,SQL Injection

Street Guesser by Nordmograph,1.1.7,SQL Injection resolution: update to 1.1.8 update notice: https://www.nordmograph.com/extensions/index.php?option=comvirtuemart=productdetailsproductid=160categoryid=1=58...

7.1AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2020/01/31 12:0 a.m.46 views

[20200303] - Core - Incorrect Access Control in com_templates

Various actions in comtemplates lack the required ACL checks, leading to various potential attack vectors...

7.5CVSS4.5AI score0.05578EPSS
Exploits1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2017/07/27 12:0 a.m.46 views

[20170902] - Core - LDAP Information Disclosure

Inadequate escaping in the LDAP authentication plugin can result into a disclosure of username and password...

9.8CVSS9.1AI score0.06333EPSS
Exploits3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2016/10/26 12:0 a.m.46 views

[20161202] - Core - Shell Upload

Inadequate filesystem checks allowed files with alternative PHP file extensions to be uploaded...

9.8CVSS2.2AI score0.01883EPSS
Exploits2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2013/02/15 12:0 a.m.46 views

[20130404] - Core - XSS Vulnerability

Use of old version of Flash-based file uploader leads to XSS vulnerability...

6.3AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2020/10/06 12:0 a.m.45 views

[20201103] - Core - Path traversal in mod_random_image

The folder parameter of modrandomimage lacked input validation, leading to a path traversal vulnerability...

7.5CVSS3.6AI score0.01578EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2020/09/01 12:0 a.m.45 views

[20210102] - Core - XSS in mod_breadcrumbs aria-label attribute

Lack of escaping in modbreadcrumbs aria-label attribute allows XSS attacks...

6.1CVSS3.3AI score0.81167EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2020/07/05 12:0 a.m.45 views

[20200802] - Core - Open redirect in com_content vote feature

Lack of input validation in comcontent leads to an open redirect...

6.1CVSS1.9AI score0.01158EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2019/12/25 12:0 a.m.45 views

[20200103] - Core - XSS in com_actionlogs

Inadequate escaping of usernames allow XSS attacks in comactionlogs...

6.1CVSS6.9AI score0.0096EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2018/12/04 12:0 a.m.45 views

[20190102] - Core - Stored XSS in com_contact

Inadequate escaping in comcontact leads to a stored XSS vulnerability...

6.1CVSS5.7AI score0.00754EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2018/02/23 12:0 a.m.45 views

Timetable Responsive Schedule, 1.6, SQL injection

Timetable Responsive Schedule For Joomla by QuanticaLabs, versions 1.6. and previous, SQL injection Resolution: update to 1.7 update notice: https://codecanyon.net/item/timetable-responsive-schedule-for-joomla/9749539item-descriptionupdates...

9.8CVSS1.6AI score0.19493EPSS
Exploits5References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2018/01/03 12:0 a.m.45 views

Big File Uploader by Prismanet,1.0.2, Insecure File Upload

Big File Uploader by Prismanet, 1.0.2, Insecure File Upload...

1.3AI score
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2008/11/09 12:0 a.m.45 views

[20081102] - Core - com_weblinks XSS vulnerability

comweblinks allows raw HTML into the title and description tags for weblink submissions from both the administrator and site submission forms...

6.8AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2012/01/07 12:0 a.m.43 views

[20120307] - Core - Information Disclosure

Inadequate permission checking allows unauthorised viewing of some administrative back end information...

6.8AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2023/04/29 12:0 a.m.42 views

[20230502] - Core - Bruteforce prevention within the mfa screen

Joomla! CMS versions 4.2.0-4.3.1...

7.5CVSS6.9AI score0.0056EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2021/06/08 12:0 a.m.42 views

[20210702] - Core - DoS through usergroup table manipulation

Missing validation of input could lead to a broken usergroups table...

7.5CVSS1.7AI score0.01439EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2020/12/30 9:47 p.m.42 views

RealPin by Frumania, SQL, 1.5.04

Name: Realpin Old 1.5.04 / New 1.6.0 Update details: Fixed risk of SQL Injection Update URL: https://realpin.frumania.com/...

0.4AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2020/05/06 12:0 a.m.42 views

[20200603] - Core - XSS in com_modules tag options

Incorrect input validation of the module tag option in commodules allow XSS attacks...

6.1CVSS3.1AI score0.0096EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2018/04/23 12:0 a.m.42 views

[20180601] - Core - Local File Inclusion with PHP 5.3

Our autoload code checks classnames to be valid, using the "classexists" function in PHP. In PHP 5.3 this function validates invalid names as valid, which can result in a Local File Inclusion...

8.8CVSS1.7AI score0.02319EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2017/10/31 12:0 a.m.42 views

[20171102] - Core - 2-factor-authentication bypass

A bug allowed third parties to bypass a user's 2-factor-authentication method...

9.8CVSS9.1AI score0.03869EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2009/07/28 12:0 a.m.42 views

[20090723] - Core - com_mailto Timeout Issue

In commailto, it was possible to bypass timeout protection against sending automated emails...

6.9AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2020/06/21 12:0 a.m.41 views

[20201101] - Core - com_finder ignores access levels on autosuggest

The autosuggestion feature of comfinder did not respect the access level of the corresponding terms...

7.5CVSS2.7AI score0.01316EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2019/05/02 12:0 a.m.41 views

RSForm! Pro,2.2.0 (March 2019),Other

RSForm! Pro,2.2.0 March 2019,Other new version number 2.2.1 UpdateNotice URL https://www.rsjoomla.com/blog/view/468-csv-vulnerability-explained.html...

1.1AI score
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2021/03/04 12:0 a.m.40 views

[20220305] - Core - Inadequate filtering on the selected Ids

Inadequate filtering on the selected Ids on an request could resulted into an possible SQL injection...

9.8CVSS1.5AI score0.01059EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2019/11/22 12:0 a.m.40 views

[20191201] - Core - Path Disclosure in framework files

Missing access check in framework files could lead to a path disclosure...

5.3CVSS7.2AI score0.01101EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2018/11/29 12:0 a.m.40 views

[20190103] - Core - Stored XSS issue in the Global Configuration textfilter settings

Inadequate checks at the Global Configuration Text Filter settings allowed a stored XSS...

4.8CVSS5.6AI score0.035EPSS
Exploits5Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2017/10/28 12:0 a.m.40 views

[20180509] - Core - XSS vulnerability in the media manager

Inadequate filtering of file and folder names lead to various XSS attack vectors in the media manager...

6.1CVSS7.3AI score0.01413EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2020/08/15 12:0 a.m.39 views

[20201105] - Core - User Enumeration in backend login

Improper handling of the username leads to a user enumeration attack vector in the backend login page...

5.3CVSS2.1AI score0.01079EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2018/06/21 12:0 a.m.39 views

[20181002] - Core - Inadequate default access level for com_joomlaupdate

Joomla’s comjoomlaupdate allows the execution of arbitrary code. The default ACL config enabled access of Administrator-level users to access comjoomlaupdate and trigger a code execution...

7.2CVSS6.6AI score0.02694EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2018/05/14 12:0 a.m.39 views

[20180506] - Core - Filter field in com_fields allows remote code execution

Inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option...

6.5CVSS5.2AI score0.01991EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2013/06/25 12:0 a.m.39 views

[20130801] - Core - Unauthorised Uploads

Inadequate filtering leads to the ability to bypass file type upload restrictions...

7.1AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2012/02/03 12:0 a.m.39 views

[20120308] - Core - XSS Vulnerability

Inadequate filtering in update manager leads to XSS vulnerability...

6.2AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2021/03/30 12:0 a.m.38 views

YooRecipe, All,

SQL injection vulnerability possibly all versions abandoned extension...

3.7AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2020/09/01 12:0 a.m.38 views

[20210103] - Core - XSS in com_tags image parameters

Lack of escaping of image-related parameters in multiple comtags views cause lead to XSS attack vectors...

6.1CVSS3.2AI score0.00763EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2020/06/02 12:0 a.m.38 views

[20200704] - Core - Variable tampering via user table class

Internal read-only fields in the User table class could be modified by users...

4.3CVSS5.5AI score0.00998EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2020/05/05 12:0 a.m.38 views

[20210304] - Core - XSS within the feed parser library

Missing filtering of feed fields could lead to xss issues...

6.1CVSS7.6AI score0.00942EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2018/02/09 12:0 a.m.38 views

[20180504] - Core - Installer leaks plain text password to local user

The web install application would autofill password fields after either a form validation error or navigating to a previous install step, and displays the plain text password for the administrator account at the confirmation screen...

9.8CVSS0.9AI score0.03798EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2018/01/20 12:0 a.m.38 views

[20180102] - Core - XSS vulnerability in com_fields

Inadequate input filtering in comfields leads to a XSS vulnerability in multiple field types, i.e. list, radio and checkbox...

6.1CVSS1.8AI score0.58147EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2016/11/04 12:0 a.m.38 views

[20161201] - Core - Elevated Privileges

Incorrect use of unfiltered data stored to the session on a form validation failure allows for existing user accounts to be modified; to include resetting their username, password, and user group assignments...

7.5CVSS3.7AI score0.14099EPSS
Exploits6Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2024/01/30 12:0 a.m.37 views

[20240204] - Core - XSS in mail address outputs

Inadequate escaping of mail addresses lead to XSS vulnerabilities in various components...

6.1CVSS5.8AI score0.3221EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2022/12/24 12:0 a.m.37 views

[20230101] - Core - CSRF within post-installation messages

Joomla! CMS versions 4.0.0-4.2.6...

6.3CVSS6.3AI score0.0023EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2022/02/20 12:0 a.m.37 views

[20220301] - Core - Zip Slip within the Tar extractor

Extracting an specifilcy crafted tar package could write files outside of the intended path...

7.5CVSS2.4AI score0.02007EPSS
Exploits3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2018/09/17 12:0 a.m.37 views

[20181001] - Core - Hardening com_contact contact form

Inadequate checks in comcontact could allowed mail submission in disabled forms...

4.3CVSS6.4AI score0.01348EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2023/11/22 12:0 a.m.36 views

[20240205] - Core - Inadequate content filtering within the filter code

Inadequate content filtering leads to XSS vulnerabilities in various components...

6.5CVSS6AI score0.48839EPSS
Exploits1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2020/09/23 12:0 a.m.36 views

[20201102] - Core - Disclosure of secrets in Global Configuration page

The globlal configuration page does not remove secrets from the HTML output, disclosing the current values...

7.5CVSS0.5AI score0.01305EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2020/07/07 12:0 a.m.36 views

[20210101] - Core - com_modules exposes module names

Lack of ACL checks in the orderPosition endpoint of commodules leak names of unpublished and/or inaccessible modules...

5.3CVSS2.4AI score0.01134EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2018/03/14 12:0 a.m.36 views

[20180502] - Core - Add PHAR files to the upload blacklist

Depending on the server configuration, PHAR files might be handled as executable PHP scripts by the webserver...

7.5CVSS0.5AI score0.0213EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2017/08/21 12:0 a.m.36 views

Twitch Tv 1.1, SQL Injection

Twitch TV version 1.1 by Bharat Koriya aindropsinfotech.com, SQL Injection...

3.3AI score
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2023/01/01 12:0 a.m.35 views

[20230102] - Core - Missing ACL checks for com_actionlogs

Joomla! CMS versions 4.0.0-4.2.6...

4.3CVSS5.6AI score0.00444EPSS
Exploits0Affected Software1
Total number of security vulnerabilities725