Joomla!@* Security Vulnerabilities and Issues — Page 4 of Joomla!@* CVE List

Lucene search

JoomlaJoomla!*

192 matches found

CVE•added 2006/08/31 8:4 p.m.•55 views

CVE-2006-4469

Unspecified vulnerability in PEAR.php in Joomla! before 1.0.11 allows remote attackers to perform "remote execution," related to "Injection Flaws."

7.5CVSS6.7AI score0.00211EPSS

CVE•added 2020/04/21 5:15 p.m.•55 views

CVE-2020-11889

An issue was discovered in Joomla! before 3.9.17. Incorrect ACL checks in the access level section of com_users allow the unauthorized deletion of usergroups.

5.3CVSS5.2AI score0.00009EPSS

CVE•added 2021/06/21 11:15 p.m.•54 views

CVE-2010-1434

Joomla! Core is prone to a session fixation vulnerability. An attacker may leverage this issue to hijack an arbitrary session and gain access to sensitive information, which may help in launching further attacks. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vuln...

7.5CVSS7.6AI score0.00006EPSS

CVE•added 2025/01/07 5:15 p.m.•54 views

CVE-2024-40747

Various module chromes didn't properly process inputs, leading to XSS vectors.

6.1CVSS6AI score0.00006EPSS

CVE•added 2018/05/22 3:29 p.m.•53 views

CVE-2018-11327

An issue was discovered in Joomla! Core before 3.8.8. Inadequate checks allowed users to see the names of tags that were either unpublished or published with restricted view permission.

4.3CVSS4.8AI score0.00015EPSS

CVE•added 2018/01/30 5:29 p.m.•53 views

CVE-2018-6379

In Joomla! before 3.8.4, inadequate input filtering in the Uri class (formerly JUri) leads to an XSS vulnerability.

6.1CVSS5.9AI score0.0312EPSS

CVE•added 2021/05/26 11:15 a.m.•53 views

CVE-2021-26034

An issue was discovered in Joomla! 3.0.0 through 3.9.26. A missing token check causes a CSRF vulnerability in data download endpoints in com_banners and com_sysinfo.

6.5CVSS6.4AI score0.00009EPSS

CVE•added 2021/06/21 11:15 p.m.•52 views

CVE-2010-1432

Joomla! Core is prone to an information disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may help in launching further attacks. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulnerable.

7.5CVSS7.2AI score0.00008EPSS

CVE•added 2019/02/12 6:29 p.m.•52 views

CVE-2019-7742

An issue was discovered in Joomla! before 3.9.3. A combination of specific web server configurations, in connection with specific file types and browser-side MIME-type sniffing, causes an XSS attack vector.

6.1CVSS6.2AI score0.00121EPSS

CVE•added 2011/11/23 6:55 p.m.•50 views

CVE-2011-4332

Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.6.3 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.9AI score0.00022EPSS

CVE•added 2020/03/16 4:15 p.m.•50 views

CVE-2020-10241

An issue was discovered in Joomla! before 3.9.16. Missing token checks in the image actions of com_templates lead to CSRF.

8.8CVSS8.5AI score0.00037EPSS

CVE•added 2018/05/22 3:29 p.m.•49 views

CVE-2018-11324

An issue was discovered in Joomla! Core before 3.8.8. A long running background process, such as remote checks for core or extension updates, could create a race condition where a session that was expected to be destroyed would be recreated.

5.9CVSS5.9AI score0.00033EPSS

CVE•added 2007/08/08 1:17 a.m.•47 views

CVE-2007-4189

Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.13 (aka Sunglow) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the (1) com_search, (2) com_content, and (3) mod_login components. NOTE: some of these details are obtained from third ...

4.3CVSS5.6AI score0.00013EPSS

CVE•added 2007/10/18 9:17 p.m.•47 views

CVE-2007-5577

Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.13 (aka Sunglow) allow remote attackers to inject arbitrary web script or HTML via the (1) Title or (2) Section Name form fields in the Section Manager component, or (3) multiple unspecified fields in New Menu Item.

4.3CVSS5.7AI score0.00038EPSS

CVE•added 2007/08/08 1:17 a.m.•46 views

CVE-2007-4188

Session fixation vulnerability in Joomla! before 1.0.13 (aka Sunglow) allows remote attackers to hijack administrative web sessions via unspecified vectors.

9.3CVSS6.6AI score0.00077EPSS

CVE•added 2009/05/01 4:30 p.m.•45 views

CVE-2009-1499

SQL injection vulnerability in the MailTo (aka com_mailto) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the article parameter in index.php. NOTE: SecurityFocus states that this issue has been disputed by the vendor.

7.5CVSS8.7AI score0.00006EPSS

CVE•added 2014/10/20 2:55 p.m.•45 views

CVE-2012-2413

Cross-site scripting (XSS) vulnerability in the ja_purity template for Joomla! 1.5.26 and earlier allows remote attackers to inject arbitrary web script or HTML via the Mod* cookie parameter to html/modules.php.

4.3CVSS5.9AI score0.00035EPSS

Web

CVE•added 2006/08/31 8:4 p.m.•44 views

CVE-2006-4468

Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related to unvalidated input, allow attackers to have an unknown impact via unspecified vectors involving the (1) mosMail, (2) JosIsValidEmail, and (3) josSpoofValue functions; (4) the lack of inclusion of globals.php in administrator/i...

6.8CVSS6.8AI score0.00026EPSS

CVE•added 2011/07/27 8:55 p.m.•44 views

CVE-2011-2488

Joomla! before 1.5.23 does not properly check for errors, which allows remote attackers to obtain sensitive information via unspecified vectors.

5CVSS6.1AI score0.00011EPSS

CVE•added 2011/07/27 8:55 p.m.•44 views

CVE-2011-2889

templates/system/error.php in Joomla! before 1.5.23 might allow remote attackers to obtain sensitive information via unspecified vectors that trigger an undefined value of a certain error field, leading to disclosure of the installation path. NOTE: this might overlap CVE-2011-2488.

5CVSS6AI score0.00011EPSS

CVE•added 2006/04/21 10:2 a.m.•43 views

CVE-2006-1957

The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows remote attackers to cause a denial of service (disk consumption and possibly web-server outage) via multiple requests with different values of the feed parameter.

5CVSS6.8AI score0.00283EPSS

CVE•added 2007/08/08 1:17 a.m.•42 views

CVE-2007-4190

CRLF injection vulnerability in Joomla! before 1.0.13 (aka Sunglow) allows remote attackers to inject arbitrary HTTP headers and probably conduct HTTP response splitting attacks via CRLF sequences in the url parameter. NOTE: this can be leveraged for cross-site scripting (XSS) attacks. NOTE: some o...

4.3CVSS5.9AI score0.00009EPSS

CVE•added 2011/07/27 8:55 p.m.•41 views

CVE-2011-2509

Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.6.4 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the com_contact component, as demonstrated by the Itemid parameter to index.php; (2) the query string to the com_content component, a...

4.3CVSS5.8AI score0.00027EPSS

Web

CVE•added 2020/02/04 1:15 p.m.•41 views

CVE-2011-3629

Joomla! core 1.7.1 allows information disclosure due to weak encryption

7.5CVSS7.2AI score0.00013EPSS

CVE•added 2010/07/08 10:30 p.m.•40 views

CVE-2010-2679

SQL injection vulnerability in the Weblinks (com_weblinks) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.

7.5CVSS8.6AI score0.00023EPSS

CVE•added 2006/08/31 8:4 p.m.•39 views

CVE-2006-4471

The Admin Upload Image functionality in Joomla! before 1.0.11 allows remote authenticated users to upload files outside of the /images/stories/ directory via unspecified vectors.

6.5CVSS6.6AI score0.00093EPSS

CVE•added 2009/07/07 7:0 p.m.•39 views

CVE-2008-6852

SQL injection vulnerability in the Ice Gallery (com_ice) component 0.5 beta 2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.

7.5CVSS8.7AI score0.00021EPSS

CVE•added 2012/10/07 9:55 p.m.•39 views

CVE-2011-4910

Cross-site scripting (XSS) vulnerability in Joomla! before 1.5.12 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

4.3CVSS5.9AI score0.00032EPSS

CVE•added 2006/08/31 8:4 p.m.•38 views

CVE-2006-4472

Multiple unspecified vulnerabilities in Joomla! before 1.0.11 allow attackers to bypass user authentication via unknown vectors involving the (1) do_pdf command and the (2) emailform com_content task.

7.5CVSS7.5AI score0.00069EPSS

CVE•added 2011/07/27 8:55 p.m.•38 views

CVE-2011-2890

The MediaViewMedia class in administrator/components/com_media/views/media/view.html.php in Joomla! 1.5.23 and earlier allows remote attackers to obtain sensitive information via vectors involving the base variable, leading to disclosure of the installation path, a different vulnerability than CVE-...

5CVSS6AI score0.00165EPSS

CVE•added 2012/10/07 9:55 p.m.•38 views

CVE-2011-4911

Joomla! before 1.5.12 does not perform a JEXEC check in unspecified files, which allows remote attackers to obtain the installation path via unspecified vectors.

5CVSS6.8AI score0.00411EPSS

Web

CVE•added 2020/02/04 2:15 p.m.•38 views

CVE-2011-4912

Joomla! com_mailto 1.5.x through 1.5.13 has an automated mail timeout bypass.

5.3CVSS5.4AI score0.00006EPSS

CVE•added 2020/01/15 1:15 p.m.•38 views

CVE-2012-1562

Joomla! core before 2.5.3 allows unauthorized password change.

7.5CVSS7.6AI score0.00007EPSS

CVE•added 2009/11/16 8:30 p.m.•37 views

CVE-2009-3946

Joomla! before 1.5.15 allows remote attackers to read an extension's XML file, and thereby obtain the extension's version number, via a direct request.

5CVSS6.6AI score0.00041EPSS

CVE•added 2020/07/15 4:15 p.m.•37 views

CVE-2020-15700

An issue was discovered in Joomla! through 3.9.19. A missing token check in the ajax_install endpoint of com_installer causes a CSRF vulnerability.

6.8CVSS6.3AI score0.00006EPSS

CVE•added 2020/01/15 2:15 p.m.•36 views

CVE-2011-4907

Joomla! 1.5x through 1.5.12: Missing JEXEC Check

5.3CVSS5.3AI score0.00007EPSS

CVE•added 2006/08/31 8:4 p.m.•35 views

CVE-2006-4470

Joomla! before 1.0.11 omits some checks for whether _VALID_MOS is defined, which allows attackers to have an unknown impact, possibly resulting in PHP remote file inclusion.

7.5CVSS7.2AI score0.00209EPSS

CVE•added 2009/11/16 8:30 p.m.•35 views

CVE-2009-3945

Unspecified vulnerability in the Front-End Editor in the com_content component in Joomla! before 1.5.15 allows remote authenticated users, with Author privileges, to replace the articles of an arbitrary user via unknown vectors.

5.5CVSS6.3AI score0.00032EPSS

CVE•added 2020/02/04 1:15 p.m.•35 views

CVE-2011-4937

Joomla! 1.7.1 has core information disclosure due to inadequate error checking.

7.5CVSS7.2AI score0.0001EPSS

CVE•added 2015/06/18 6:59 p.m.•34 views

CVE-2015-4654

SQL injection vulnerability in the EQ Event Calendar component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to eqfullevent.

7.5CVSS8.7AI score0.00028EPSS

CVE•added 2012/10/07 9:55 p.m.•33 views

CVE-2011-4909

Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.5.12 allow remote attackers to inject arbitrary web script or HTML via the HTTP_REFERER header to (1) components/com_content/views/article/tmpl/form.php, (2) components/com_user/controller.php, (3) plugins/system/legacy/html.ph...

4.3CVSS5.9AI score0.00075EPSS

Web

CVE•added 2020/01/22 4:15 p.m.•32 views

CVE-2011-3595

Multiple Cross-site Scripting (XSS) vulnerabilities exist in Joomla! through 1.7.0 in index.php in the search word, extension, asset, and author parameters.

5.4CVSS5.5AI score0.00034EPSS

Total number of security vulnerabilities192