Joomla!@3.1.6 Security Vulnerabilities and Issues — Joomla!@3.1.6 CVE List

Lucene search

JoomlaJoomla!3.1.6

16 matches found

CVE•added 2015/12/16 9:59 p.m.•188 views

CVE-2015-8562

Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015.

7.5CVSS8AI score0.93238EPSS

CVE•added 2017/09/20 6:29 p.m.•96 views

CVE-2017-14596

In Joomla! before 3.8.0, inadequate escaping in the LDAP authentication plugin can result in a disclosure of a username and password.

9.8CVSS9.2AI score0.03976EPSS

CVE•added 2014/11/03 10:55 p.m.•80 views

CVE-2014-7228

Akeeba Restore (restore.php), as used in Joomla! 2.5.4 through 2.5.25, 3.x through 3.2.5, and 3.3.0 through 3.3.4; Akeeba Backup for Joomla! Professional 3.0.0 through 4.0.2; Backup Professional for WordPress 1.0.b1 through 1.1.3; Solo 1.0.b1 through 1.1.2; Admin Tools Core and Professional 2.0.0 t...

7.5CVSS7.8AI score0.07974EPSS

CVE•added 2017/07/26 3:29 p.m.•77 views

CVE-2017-11612

In Joomla! before 3.7.4, inadequate filtering of potentially malicious HTML tags leads to XSS vulnerabilities in various components.

6.1CVSS7AI score0.00222EPSS

CVE•added 2017/04/25 6:59 p.m.•70 views

CVE-2017-7986

In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of specific HTML attributes leads to XSS vulnerabilities in various components.

6.1CVSS6AI score0.0001EPSS

CVE•added 2017/07/17 9:29 p.m.•62 views

CVE-2017-9933

Improper cache invalidation in Joomla! CMS 1.7.3 through 3.7.2 leads to disclosure of form contents.

7.5CVSS7.2AI score0.00045EPSS

CVE•added 2017/08/02 2:29 p.m.•59 views

CVE-2017-11364

The CMS installer in Joomla! before 3.7.4 does not verify a user's ownership of a webspace, which allows remote authenticated users to gain control of the target application by leveraging Certificate Transparency logs.

8.8CVSS8.4AI score0.00125EPSS

CVE•added 2017/07/17 9:29 p.m.•54 views

CVE-2017-9934

Missing CSRF token checks and improper input validation in Joomla! CMS 1.7.3 through 3.7.2 lead to an XSS vulnerability.

6.1CVSS6.3AI score0.00375EPSS

CVE•added 2014/10/08 7:55 p.m.•53 views

CVE-2014-7984

Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote attackers to authenticate and bypass intended restrictions via vectors involving GMail authentication.

7.5CVSS6.8AI score0.0019EPSS

CVE•added 2014/10/08 7:55 p.m.•52 views

CVE-2014-7982

Cross-site scripting (XSS) vulnerability in Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.8AI score0.0002EPSS

CVE•added 2016/01/12 8:59 p.m.•51 views

CVE-2015-8769

SQL injection vulnerability in Joomla! 3.x before 3.4.7 allows attackers to execute arbitrary SQL commands via unspecified vectors.

7.5CVSS7.6AI score0.00599EPSS

CVE•added 2017/04/25 6:59 p.m.•49 views

CVE-2017-7983

In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), mail sent using the JMail API leaked the used PHPMailer version in the mail headers.

5.3CVSS5.6AI score0.00008EPSS

CVE•added 2017/04/25 6:59 p.m.•48 views

CVE-2017-7988

In Joomla! 1.6.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of form contents allows overwriting the author of an article.

5.3CVSS5.5AI score0.00006EPSS

CVE•added 2017/09/20 6:29 p.m.•46 views

CVE-2015-5608

Open redirect vulnerability in Joomla! CMS 3.0.0 through 3.4.1.

6.1CVSS6.2AI score0.00061EPSS

CVE•added 2014/10/08 7:55 p.m.•40 views

CVE-2014-7981

SQL injection vulnerability in Joomla! CMS 3.1.x and 3.2.x before 3.2.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5CVSS8.7AI score0.00041EPSS

CVE•added 2014/10/08 7:55 p.m.•36 views

CVE-2014-7983

Cross-site scripting (XSS) vulnerability in com_contact in Joomla! CMS 3.1.2 through 3.2.x before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.8AI score0.0003EPSS