Joomla Security Vulnerabilities
SQL injection vulnerability in the Productbook (com_productbook) component 1.0.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. NOTE: some of these details are obtained from third party...
8.6AI Score
0.001EPSS
Directory traversal vulnerability in the Abbreviations Manager (com_abbrev) component 1.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. NOTE: some of these details are obtained from third party...
7.4AI Score
0.012EPSS
SQL injection vulnerability in the TPJobs (com_tpjobs) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id_c[] parameter in a resadvsearch action to...
8.7AI Score
0.003EPSS
Directory traversal vulnerability in the GCalendar (com_gcalendar) component 2.1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to...
6AI Score
0.008EPSS
Directory traversal vulnerability in the inertialFATE iF Portfolio Nexus (com_if_nexus) component 1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to...
7.4AI Score
0.008EPSS
Directory traversal vulnerability in the JCollection (com_jcollection) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to...
5.6AI Score
0.005EPSS
SQL injection vulnerability in the HotBrackets Tournament Brackets (com_hotbrackets) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to...
8.7AI Score
0.001EPSS
Directory traversal vulnerability in the jVideoDirect (com_jvideodirect) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to...
6.9AI Score
0.005EPSS
Directory traversal vulnerability in the JA Showcase (com_jashowcase) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a jashowcase action to...
6.9AI Score
0.012EPSS
SQL injection vulnerability in the jVideoDirect (com_jvideodirect) component 1.1 RC3b for Joomla! allows remote attackers to execute arbitrary SQL commands via the v parameter to...
8.7AI Score
0.001EPSS
SQL injection vulnerability in the JE Quiz (com_jequizmanagement) component 1.b01 for Joomla! allows remote attackers to execute arbitrary SQL commands via the eid parameter in a question action to...
8.7AI Score
0.001EPSS
SQL injection vulnerability in the Ossolution Team Documents Seller (aka DMS) (com_dms) component 2.5.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter in a view_category action to...
8.7AI Score
0.001EPSS
SQL injection vulnerability in the JE Event Calendars (com_jeeventcalendar) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the event_id parameter in an event action to...
8.7AI Score
0.001EPSS
Directory traversal vulnerability in plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allows remote attackers to read, and possibly include and execute, arbitrary files via directory traversal sequences in the files[]...
7AI Score
0.016EPSS
SQL injection vulnerability in the SQL Reports (com_sqlreport) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter to ajax/print.php. NOTE: some of these details are obtained from third party...
8.7AI Score
0.001EPSS
SQL injection vulnerability in the PerchaGallery (com_perchagallery) component before 1.5b for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an editunidad action to...
8.7AI Score
0.001EPSS
Directory traversal vulnerability in includes/download.php in the JoomlaWorks AllVideos (Jw_allVideos) plugin 3.0 through 3.2 for Joomla! allows remote attackers to read arbitrary files via a ./../.../ (modified dot dot) in the file...
6.8AI Score
0.573EPSS
Unspecified vulnerability in the IP-Tech JQuarks (com_jquarks) Component before 0.2.4 for Joomla! allows attackers to obtain the installation path for Joomla! via unknown...
6.6AI Score
0.002EPSS
SQL injection vulnerability in the Parkview Consultants SimpleFAQ (com_simplefaq) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a display action to...
8.7AI Score
0.001EPSS
Multiple SQL injection vulnerabilities in the Photoblog (com_photoblog) component for Joomla! allow remote attackers to execute arbitrary SQL commands via the blog parameter in an images action to index.php. NOTE: a separate vector for the id parameter to detail.php may also...
8.8AI Score
0.001EPSS
SQL injection vulnerability in the indianpulse Game Server (com_gameserver) component 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the grp parameter in a gameserver action to...
8.7AI Score
0.001EPSS
SQL injection vulnerability in the Mochigames (com_mochigames) component 0.51 and possibly other versions for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to...
8.8AI Score
0.001EPSS
SQL injection vulnerability in the casino (com_casino) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a (1) category or (2) player action to...
8.7AI Score
0.001EPSS
SQL injection vulnerability in the Articlemanager (com_articlemanager) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the artid parameter in a display action to...
8.7AI Score
0.001EPSS
SQL injection vulnerability in the libros (com_libros) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to...
8.7AI Score
0.001EPSS
Cross-site scripting (XSS) vulnerability in the Marketplace (com_marketplace) component 1.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the catid parameter in a show_category action to...
5.9AI Score
0.002EPSS
SQL injection vulnerability in the Lucy Games (com_lucygames) component 1.5.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gameid parameter in a game action to index.php. NOTE: some of these details are obtained from third party...
8.6AI Score
0.001EPSS
SQL injection vulnerability in the TemplatePlaza.com TPDugg (com_tpdugg) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a tags action to...
8.7AI Score
0.004EPSS
SQL injection vulnerability in the Joomloc (com_joomloc) component 1.0 for Joomla allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit task to...
8.7AI Score
0.002EPSS
SQL injection vulnerability in the updateOnePage function in components/com_bfsurvey_pro/controller.php in BF Survey Pro Free (com_bfsurvey_profree) 1.2.4, and other versions before 1.2.6, a component for Joomla!, allows remote attackers to execute arbitrary SQL commands via the table parameter in....
8.7AI Score
0.003EPSS
Multiple SQL injection vulnerabilities in the JS Jobs (com_jsjobs) component 1.0.5.6 for Joomla! allow remote attackers to execute arbitrary SQL commands via (1) the md parameter in an employer view_company action to index.php or (2) the oi parameter in an employer view_job action to...
8.8AI Score
0.001EPSS
PHP remote file inclusion vulnerability in mamboleto.php in the Fernando Soares Mamboleto (com_mamboleto) component 2.0 RC3 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path...
7.8AI Score
0.015EPSS
SQL injection vulnerability in the JPhoto (com_jphoto) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a category action to...
8.7AI Score
0.001EPSS
SQL injection vulnerability in the DhForum (com_dhforum) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a grouplist action to...
8.7AI Score
0.001EPSS
Cross-site scripting (XSS) vulnerability in the Facileforms (com_facileforms) component for Joomla! and Mambo allows remote attackers to inject arbitrary web script or HTML via the Itemid parameter to...
5.9AI Score
0.003EPSS
Cross-site scripting (XSS) vulnerability in the Artist avenue (com_artistavenue) component for Joomla! and Mambo allows remote attackers to inject arbitrary web script or HTML via the Itemid parameter to...
5.9AI Score
0.004EPSS
SQL injection vulnerability in the BeeHeard (com_beeheard) component 1.x for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter in a suggestions action to...
8.7AI Score
0.001EPSS
Cross-site scripting (XSS) vulnerability in the Q-Personel (com_qpersonel) component 1.0.2 RC2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the personel_sira parameter in a sirala action to...
5.9AI Score
0.005EPSS
Multiple cross-site scripting (XSS) vulnerabilities in the Joomulus (mod_joomulus) module 2.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the tagcloud parameter in a tags action to (1) tagcloud_ell.swf, (2) tagcloud_eng.swf, (3) tagcloud_por.swf, (4)...
5.9AI Score
0.003EPSS
SQL injection vulnerability in the Kunena Forum (com_kunena) component 1.5.3 and 1.5.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the func parameter to...
8.7AI Score
0.001EPSS
SQL injection vulnerability in the Joomlub (com_joomlub) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an auction edit action to...
8.4AI Score
0.001EPSS
SQL injection vulnerability in the JoomPortfolio (com_joomportfolio) component 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the secid parameter in a showcat action to...
8.3AI Score
0.001EPSS
Cross-site scripting (XSS) vulnerability in the You!Hostit! template 1.0.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the created_by_alias parameter in...
5.8AI Score
0.002EPSS
Multiple SQL injection vulnerabilities in the Mambo Resident (aka Mos Res or com_mosres) component 1.0f for Mambo and Joomla!, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) property_uid parameter in a viewproperty action to index.php and...
8.5AI Score
0.001EPSS
SQL injection vulnerability in the Seminar (com_seminar) component 1.28 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a View_seminar action to...
8.3AI Score
0.001EPSS
Directory traversal vulnerability in the Omilen Photo Gallery (com_omphotogallery) component Beta 0.5 for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the controller parameter to...
7.2AI Score
0.023EPSS
SQL injection vulnerability in the Google Calendar GCalendar (com_gcalendar) component 1.1.2, 2.1.4, and possibly earlier versions for Joomla! allows remote attackers to execute arbitrary SQL commands via the gcid parameter. NOTE: some of these details are obtained from third party...
8.4AI Score
0.001EPSS
SQL injection vulnerability in the JoomClip (com_joomclip) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a thumbs action to...
8.4AI Score
0.001EPSS
SQL injection vulnerability in the inertialFATE iF Portfolio Nexus (com_if_nexus) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an item action to...
8.4AI Score
0.001EPSS
SQL injection vulnerability in the jTips (com_jtips) component 1.0.7 and 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the season parameter in a ladder action to...
8.4AI Score
0.001EPSS