Lucene search
K
JoomlaMost viewed

725 matches found

Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2021/02/17 12:0 a.m.•35 views

[20220302] - Core - Path Disclosure within filesystem error messages

Uploading a file name of an excess length causes the error. This error brings up the screen with the path of the source code of the web application...

5.3CVSS1AI score0.00871EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/06/20 12:0 a.m.•35 views

[20190701] - Core - Filter attribute in subform fields allows remote code execution

Inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option...

8.8CVSS8.3AI score0.02314EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/03/04 12:0 a.m.•35 views

[20190301] - Core - XSS in com_config JSON handler

The JSON handler in comconfig lacks input validation, leading to XSS vulnerability...

6.1CVSS1.5AI score0.00754EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/06/04 12:0 a.m.•35 views

[20170702] - Core - XSS Vulnerability

Missing CSRF token checks and improper input validation lead to an XSS vulnerability...

6.1CVSS6.2AI score0.02208EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2009/12/30 12:0 a.m.•35 views

[20100423] - Core - Installer Migration Script

The migration script in the Joomla! installer does not check the file type being uploaded. If the installation application is present, an attacker could use it to upload malicious files to a server...

6.8AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2022/01/19 12:0 a.m.•34 views

[20220308] - Core - Inadequate content filtering within the filter code

Inadequate content filtering leads to XSS vulnerabilities in various components...

6.1CVSS1.8AI score0.0065EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2021/01/31 12:0 a.m.•34 views

[20210309] - Core - Inadequate filtering of form contents could allow to overwrite the author field

Inadequate filtering of form contents could allow to overwrite the author field. The affected core components are comfields, comcategories, combanners, comcontact, comnewsfeeds and comtags...

5.3CVSS7.1AI score0.0114EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2020/10/08 12:0 a.m.•34 views

[20201106] - Core - CSRF in com_privacy emailexport feature

A missing token check in the emailexport feature of comprivacy causes a CSRF vulnerability...

6.8CVSS2.4AI score0.00395EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2020/09/08 12:0 a.m.•34 views

[20210308] - Core - Path Traversal within joomla/archive zip class

Extracting an specifilcy crafted zip package could write files outside of the intended path...

5.5CVSS3.6AI score0.01161EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2020/05/07 12:0 a.m.•34 views

[20210305] - Core - Input validation within the template manager

Missing input validation within the template manager...

7.5CVSS8.3AI score0.01546EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2020/02/17 12:0 a.m.•34 views

[20210306] - Core - com_media allowed paths that are not intended for image uploads

commedia allowed paths that are not intended for image uploads...

7.5CVSS7.7AI score0.06529EPSS
Exploits2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/01/18 12:0 a.m.•34 views

[20190206] - Core - Implement the TYPO3 PHAR stream wrapper

The phar:// stream wrapper can be used for objection injection attacks. We now disallow usage of the phar:// handler for non .phar-files within the CMS globally by implementing the TYPO3 PHAR stream wrapper...

9.8CVSS9.3AI score0.02671EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/08/23 12:0 a.m.•34 views

[20180801] - Core - Hardening the InputFilter for PHAR stubs

Inadequate checks in the InputFilter class could allow specifically prepared PHAR files to pass the upload filter...

9.8CVSS9.2AI score0.02932EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/07/10 12:0 a.m.•34 views

[20180803] - Core - ACL Violation in custom fields

Inadequate checks regarding disabled fields can lead to an ACL violation...

7.5CVSS8.4AI score0.022EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/03/30 12:0 a.m.•34 views

[20180508] - Core - Possible XSS attack in the redirect method

Under specific circumstances a redirect issued with a URI containing a username and password when the Location: header cannot be used, a lack of escaping the user-info component of the URI could result in a XSS vulnerability...

4.7CVSS1.4AI score0.01361EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2012/02/29 12:0 a.m.•34 views

[20120301] - Core - SQL Injection

Inadequate escaping leads to SQL injection vulnerability...

8.1AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2011/10/28 12:0 a.m.•34 views

[20111102] - Core - Password Change

Weak random number generation during password reset leads to possibility of changing a user's password...

7AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2025/03/20 12:0 a.m.•33 views

[20250402] - Core - MFA Authentication Bypass

Joomla! CMS versions: 4.0.0 - 4.4.12, 5.0.0 - 5.2.5...

7.5CVSS7.5AI score0.00378EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2021/11/05 12:0 a.m.•33 views

[20220307] - Core - Variable Tampering on JInput $_REQUEST data

Under specific circumstances, JInput pollutes method-specific input bags with $REQUEST data...

9.8CVSS2.3AI score0.01172EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2021/08/25 12:0 a.m.•33 views

[20220309] - Core - XSS attack vector through SVG

Possible XSS attack vector through SVG embedding in commedia...

6.1CVSS1.9AI score0.00565EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2021/03/23 12:0 a.m.•33 views

[20220306] - Core - Inadequate validation of internal URLs

Inadequate validation of URLs could result into an invalid check whether an redirect URL is internal or not...

6.1CVSS1.4AI score0.00566EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2020/04/04 12:0 a.m.•33 views

[20200702] - Core - Missing checks can lead to a broken usergroups table record

Missing validation checks at the usergroups table object can result into an broken site configuration...

5.3CVSS5.8AI score0.00663EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2019/06/03 12:0 a.m.•33 views

ZOO by YOOtheme,3.3.33,SQL Injection

ZOO by YOOtheme,3.3.33,SQL Injection Fix SQL injection vulnerability in Admin Controllers new version number 3.3.34 Update Notice URL https://yootheme.com/support/zoo/changelog...

1.5AI score
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/12/01 12:0 a.m.•33 views

[20190101] - Core - Stored XSS in mod_banners

Inadequate escaping in modbanners leads to a stored XSS vulnerability...

6.1CVSS5.8AI score0.00754EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/11/04 12:0 a.m.•33 views

[20201107] - Core - Write ACL violation in multiple core views

Lack of input validation while handling ACL rulesets can cause write ACL violations...

7.5CVSS8AI score0.06095EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/02/22 12:0 a.m.•33 views

[20170404] - Core - XSS Vulnerability

Inadequate filtering of specific HTML attributes leads to XSS vulnerabilities in various components...

6.1CVSS6AI score0.00787EPSS
Exploits2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2023/11/29 12:0 a.m.•32 views

[20240201] - Core - Insufficient session expiration in MFA management views

Joomla! CMS versions 3.2.0-3.10.14-elts, 4.0.0-4.4.2, 5.0.0-5.0.2...

6.3CVSS7.1AI score0.00512EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2021/03/09 12:0 a.m.•32 views

[20210401] - Core - Escape xss in logo parameter error pages

Inadequate escaping allowed XSS attacks using the logo parameter of the default templates on error pages...

6.1CVSS2.6AI score0.82272EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/08/21 12:0 a.m.•32 views

SP Movie Database 1.3, SQL Injection

SP Movie Database version 1.3 by joomshaper.com, SQL Injection resolution: update to version 1.4 update notice: https://www.joomshaper.com/forums/sp-movie-database-component-updated-with-security-and-other-fixes...

2.1AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/07/10 6:0 p.m.•32 views

Cookie consent from silktide, Unknown version, Other

Cookie consent from silktide, Unknown version, Malicious links aka https://cookieconsent.insites.com/download/ When the Cookie Consent plugin by Silktide stopped using Amazon CDN, someone hijacked their Amazon storage and began serving malicious scripts so that sites that still use old version of...

0.3AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2015/11/28 12:0 a.m.•32 views

Resize Image On The Fly and Cache 1.1.0 and previous

Resize Image On The Fly and Cache - content plugin by s2software.it Version 1.1.0 and likely all previous Open folder permissions Resolution: update to version 1.3.3 Existing users will need to manually fix the permissions of folder /images/cache to 755 or delete it in order to be recreated by th...

1.1AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2022/08/27 12:0 a.m.•31 views

[20220801] - Core - Multiple Full Path Disclosures because of missing '_JEXEC or die check'

Multiple Full Path Disclosures because of missing 'JEXEC or die check' caused by the PSR12 changes done in 4.2.0. According to PROD2020/023 and in coordination with the JSST this has been patched in the public tracker vis 38615...

5.3CVSS5.9AI score0.00502EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2020/05/07 12:0 a.m.•31 views

[20200703] - Core - CSRF in com_privacy remove-request feature

A missing token check in the remove request section of comprivacy causes a CSRF vulnerability...

6.8CVSS6.2AI score0.00594EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/12/05 12:0 a.m.•31 views

[20190104] - Core - Stored XSS issue in the Global Configuration help url

Inadequate checks at the Global Configuration helpurl settings allowed a stored XSS...

5.4CVSS5.7AI score0.00569EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/02/23 12:0 a.m.•31 views

JSP Store Locator, 2.4, SQL Injection

JSP Store Locator by Joomla Service Provider, versions 2.4 and previous, SQL Injection Resolution: update to 2.5 update notice: http://www.joomlaserviceprovider.com/jspblog/jsp-store-locator-2-5-security-release.html...

2.4AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/01/21 12:0 a.m.•31 views

[20180101] - Core - XSS vulnerability in module chromes

Lack of escaping in the module chromes leads to XSS vulnerabilities in the module system...

6.1CVSS1.8AI score0.02031EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/10/06 12:0 a.m.•31 views

[20171101] - Core - LDAP Information Disclosure

Inadequate escaping in the LDAP authentication plugin can result in disclosure of username and password...

9.8CVSS9.2AI score0.06333EPSS
Exploits3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/08/04 12:0 a.m.•31 views

[20170901] - Core - Information Disclosure

A logic bug in a SQL query could lead to the disclosure of article intro texts when these articles are in the archived state...

4.3CVSS7.1AI score0.01758EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/06/13 12:0 a.m.•31 views

Joomla Payage, 2.05, SQL Injection

Joomla Payage, 2.05 and previous, SQL Injection Resolution: update to 2.0.6 Update notice: http://www.lesarbresdesign.info/version-history/payage...

1.2AI score
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/06/05 12:0 a.m.•31 views

Vik Appointments 1.4 and previous

Vik Appointments 1.4 and previous, SQL Injection Resolution: update to 1.5 Update notice: https://extensionsforjoomla.com/blog/12-updates/46-security-notices-sql-injection-reports...

1.4AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2015/07/22 12:0 a.m.•31 views

Helpdesk Pro by Ossolution Team [com_helpdeskpro], before 1.4.0, multiple vulns

Helpdesk Pro by Ossolution Team comhelpdeskpro, before 1.4.0, multiple vulns Vulnerabilities: Direct Object References Cross-Site Scripting SQL Injection Local file disclosure/Path traversal File Upload Fixed: vulnerability fixed in version 1.4.0 Developer's notice:...

7.8AI score
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2009/03/12 12:0 a.m.•31 views

[20090302] - Core - com_content XSS

A XSS vulnerability exists in the category view of comcontent...

6.3AI score
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2025/03/17 12:0 a.m.•30 views

[20250401] - Framework - SQL injection vulnerability in quoteNameStr method of Database package

Database Package version: 1.0.0-2.1.1, 3.0.0-3.3.1...

9.8CVSS7.1AI score0.00451EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2023/03/23 12:0 a.m.•30 views

JoomGallery, 3.6.1, SQL Injection

Vulnerability Type: 3rd party extension - SQL Injection Version: Old 3.6.1 / New 3.6.2 Update details: Fix vulnerability type SQL Injection. Update URL: https://www.en.joomgalleryfriends.net/news-3-6-2.html Changelog URL:...

7.8AI score
Exploits0References2Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2020/07/23 8:42 a.m.•30 views

JCE Pro, 2.8.15, xss

This 2.8.15 an important security update is included to prevent potential cross-site scripting attacks. https://www.joomlacontenteditor.net/news/jce-pro-2-8-15-released...

6.6AI score
Exploits0References1Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2020/06/17 12:0 a.m.•30 views

[20200706] - Core - System Information screen could expose redis or proxy credentials

Inadequate filtering in the system information screen could expose redis or proxy credentials...

5.3CVSS5.6AI score0.01636EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2018/07/10 12:0 a.m.•30 views

[20180802] - Core - Stored XSS vulnerability in the frontend profile

Inadequate output filtering on the user profile page could lead to a stored XSS attack...

5.4CVSS6.9AI score0.01033EPSS
Exploits0Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2017/03/11 12:0 a.m.•30 views

J-Business Directory by CMS Junkie, 4.6.8, SQL Injection

J-Business Directory by CMS Junkie, 4.6.8, SQL Injection Resolution: update to 4.7.3 Update Notice URL: http://www.cmsjunkie.com/blog/cat/news-joomla-business-directory/post/joomlabusinessdirectory4-7-3release...

1.2AI score
Exploits0References3Affected Software1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2015/06/01 6:25 p.m.•30 views

swmenufree, v8.3 ,Other

swmenufree, swMenuFree 8.3 for Joomla 2.5.x and 3.x , other Resolution: update to version 8.5 Update notice: http://www.swmenupro.com/downloads/swmenufree.html?view=document=1...

7.2AI score
Exploits0
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
•added 2015/04/08 12:0 a.m.•30 views

[20150601] - Core - Open Redirect

Inadequate checking of the return value allowed to redirect to an external page...

6.1CVSS6.2AI score0.00714EPSS
Exploits0Affected Software1
Total number of security vulnerabilities725