Lucene search

K

7 matches found

CVE
CVE
•added 2020/12/28 8:15 p.m.•125 views

CVE-2020-35613

An issue was discovered in Joomla! 3.0.0 through 3.9.22. Improper filter blacklist configuration leads to a SQL injection vulnerability in the backend user list.

9.8CVSS9.8AI score0.01169EPSS
CVE
CVE
•added 2020/12/28 8:15 p.m.•87 views

CVE-2020-35611

An issue was discovered in Joomla! 2.5.0 through 3.9.22. The globlal configuration page does not remove secrets from the HTML output, disclosing the current values.

7.5CVSS7.4AI score0.00012EPSS
CVE
CVE
•added 2020/12/28 8:15 p.m.•86 views

CVE-2020-35614

An issue was discovered in Joomla! 3.9.0 through 3.9.22. Improper handling of the username leads to a user enumeration attack vector in the backend login page.

5.3CVSS5.2AI score0.00006EPSS
CVE
CVE
•added 2020/12/28 8:15 p.m.•86 views

CVE-2020-35616

An issue was discovered in Joomla! 1.7.0 through 3.9.22. Lack of input validation while handling ACL rulesets can cause write ACL violations.

7.5CVSS7.5AI score0.0001EPSS
CVE
CVE
•added 2020/12/28 8:15 p.m.•83 views

CVE-2020-35610

An issue was discovered in Joomla! 2.5.0 through 3.9.22. The autosuggestion feature of com_finder did not respect the access level of the corresponding terms.

7.5CVSS7.5AI score0.00008EPSS
CVE
CVE
•added 2020/12/28 8:15 p.m.•70 views

CVE-2020-35612

An issue was discovered in Joomla! 2.5.0 through 3.9.22. The folder parameter of mod_random_image lacked input validation, leading to a path traversal vulnerability.

7.5CVSS7.5AI score0.00013EPSS
CVE
CVE
•added 2020/12/28 8:15 p.m.•67 views

CVE-2020-35615

An issue was discovered in Joomla! 2.5.0 through 3.9.22. A missing token check in the emailexport feature of com_privacy causes a CSRF vulnerability.

6.8CVSS6.3AI score0.00004EPSS