Joomla Security Vulnerabilities

CVE-2006-4473

Unspecified vulnerability in com_content in Joomla! before 1.0.11, when $mosConfig_hideEmail is set, allows attackers to perform the emailform and emailsend...

6.9 AI Score

0.004 EPSS

2006-08-31 08:04 PM

CVE-2006-4474

Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.11 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in (1) Admin Module Manager, (2) Admin Help, and (3)...

6.1 AI Score

0.011 EPSS

2006-08-31 08:04 PM

CVE-2006-4475

Joomla! before 1.0.11 does not limit access to the Admin Popups functionality, which has unknown impact and attack...

6.9 AI Score

0.005 EPSS

2006-08-31 08:04 PM

CVE-2006-4468

Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related to unvalidated input, allow attackers to have an unknown impact via unspecified vectors involving the (1) mosMail, (2) JosIsValidEmail, and (3) josSpoofValue functions; (4) the lack of inclusion of globals.php in...

6.8 AI Score

0.006 EPSS

2006-08-31 08:04 PM

CVE-2006-4470

Joomla! before 1.0.11 omits some checks for whether _VALID_MOS is defined, which allows attackers to have an unknown impact, possibly resulting in PHP remote file...

7.2 AI Score

0.01 EPSS

2006-08-31 08:04 PM

CVE-2006-4471

The Admin Upload Image functionality in Joomla! before 1.0.11 allows remote authenticated users to upload files outside of the /images/stories/ directory via unspecified...

6.6 AI Score

0.002 EPSS

2006-08-31 08:04 PM

CVE-2006-4242

PHP remote file inclusion vulnerability in install.jim.php in the JIM 1.0.1 component for Joomla or Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path...

7.9 AI Score

0.297 EPSS

2006-08-21 06:04 PM

CVE-2006-4229

PHP remote file inclusion vulnerability in archive.php in the mosListMessenger Component (com_lm) before 20060719 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path...

8 AI Score

0.022 EPSS

2006-08-18 08:04 PM

CVE-2006-4129

PHP remote file inclusion vulnerability in admin.webring.docs.php in the Webring Component (com_webring) 1.0 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the component_dir...

7.6 AI Score

0.462 EPSS

2006-08-14 11:04 PM

CVE-2006-3969

PHP remote file inclusion vulnerability in administrator/components/com_colophon/admin.colophon.php in Colophon 1.2 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path...

7.9 AI Score

0.149 EPSS

2006-08-01 10:04 PM

CVE-2006-3774

PHP remote file inclusion vulnerability in performs.php in the perForms component (com_performs) 1.0 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path...

7.6 AI Score

0.081 EPSS

2006-07-24 12:19 PM

CVE-2006-3530

PHP remote file inclusion vulnerability in com_pccookbook/pccookbook.php in the PccookBook Component for Mambo and Joomla 0.3 and possibly up to 1.3.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the mosConfig_absolute_path...

7.7 AI Score

0.105 EPSS

2006-07-12 09:05 PM

CVE-2006-3480

Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.10 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters involving the (1) getUserStateFromRequest function, and the (2) SEF and (3) com_messages...

6.1 AI Score

0.005 EPSS

2006-07-10 08:05 PM

CVE-2006-3481

Multiple SQL injection vulnerabilities in Joomla! before 1.0.10 allow remote attackers to execute arbitrary SQL commands via unspecified parameters involving the (1) "Remember Me" function, (2) "Related Items" module, and the (3) "Weblinks...

8.9 AI Score

0.009 EPSS

2006-07-10 08:05 PM

CVE-2006-2960

PHP remote file inclusion vulnerability in includes/joomla.php in Joomla! 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the includepath...

7.6 AI Score

0.016 EPSS

2006-06-12 08:06 PM

CVE-2006-1049

Multiple SQL injection vulnerabilities in the Admin functionality in Joomla! 1.0.7 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via unknown attack...

8.1 AI Score

0.002 EPSS

2006-03-07 11:02 AM

CVE-2006-1048

Joomla! 1.0.7 and earlier allows attackers to bypass intended access restrictions and gain certain privileges via certain attack vectors related to the (1) Weblink, (2) Polls, (3) Newsfeeds, (4) Weblinks, (5) Content, (6) Content Section, (7) Content Category, (8) Contact items, or (9) Contact...

6.7 AI Score

0.003 EPSS

2006-03-07 11:02 AM

CVE-2006-1029

The cross-site scripting (XSS) countermeasures in class.inputfilter.php in Joomla! 1.0.7 allow remote attackers to cause a denial of service via a crafted mosmsg parameter to index.php with a malformed sequence of multiple tags, as demonstrated using "<<>AAA<><>", possibly due ...

6.2 AI Score

0.008 EPSS

2006-03-07 12:02 AM

CVE-2006-1027

feedcreator.class.php (aka the syndication component) in Joomla! 1.0.7 allows remote attackers to obtain sensitive information via a "/" (slash) in the feed parameter to index.php, which reveals the path in an error...

6.1 AI Score

0.01 EPSS

2006-03-07 12:02 AM

CVE-2006-1028

feedcreator.class.php (aka the syndication component) in Joomla! 1.0.7 allows remote attackers to cause a denial of service (stressed file cache) by creating many files via filenames in the feed parameter to...

6.6 AI Score

0.018 EPSS

2006-03-07 12:02 AM

CVE-2006-1030

Unspecified vulnerability in mod_templatechooser in Joomla! 1.0.7 allows remote attackers to obtain sensitive information via an unspecified attack vector that reveals the...

6.2 AI Score

0.01 EPSS

2006-03-07 12:02 AM

CVE-2005-3772

Multiple SQL injection vulnerabilities in Joomla! before 1.0.4 allow remote attackers to execute arbitrary SQL commands via the (1) Itemid variable in the Polls modules and (2) multiple unspecified methods in the mosDBTable...

9 AI Score

0.006 EPSS

2005-11-23 12:03 AM

CVE-2005-3773

Unspecified vulnerability in Joomla! before 1.0.4 has unknown impact and attack vectors, related to "Potential misuse of Media component file management...

7 AI Score

0.005 EPSS

2005-11-23 12:03 AM

CVE-2005-3771

Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.4 allow remote attackers to inject arbitrary web script or HTML via (1) "GET and other variables" and (2)...

6 AI Score

0.004 EPSS

2005-11-23 12:03 AM

Total number of security vulnerabilities: 924