4 matches found
CVE-2024-40744
CVE-2024-40744 affects the Joomla extension Convert Forms; versions prior to 4.4.8 are vulnerable. The issue is an unrestricted file upload via a security bypass in the Convert Forms component, enabling potential malicious uploads. The vulnerability is high impact (per CVSS 3.1: AV:N/AC:L/PR:N/UI...
CVE-2024-40745
The CVE-2024-40745 entry concerns a Reflected Cross‑Site Scripting (XSS) vulnerability in the Joomla Convert Forms component, affecting versions prior to 4.4.8. Multiple connected sources (Red Hat, CVE lists, CNVD, CVE records) consistently identify the affected product as the Convert Forms compo...
CVE-2025-22212
CVE-2025-22212 affects the Joomla Convert Forms extension versions 1.0.0–4.4.9. An authenticated administrator can exploit a SQL injection in the submission management area of the backend to execute arbitrary SQL commands. The CVSSv3.1 vector (AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N) yields a base sc...
CVE-2018-10063
CVE-2018-10063 affects Joomla! Convert Forms extension prior to 2.0.4. The vulnerability is a CSV injection that enables remote command execution when exporting leads/form data, due to how CSV fields are handled during export. Documented impact includes potential arbitrary command execution with ...