Joomla!

56 matches found

CVE-2022-23793
added 2022/03/30 4:15 p.m., 244 views

An issue was discovered in Joomla! 3.0.0 through 3.10.6 and 4.0.0 through 4.1.0. Extracting a specifically crafted tar package could write files outside of the intended path.

CVSS 7.5, AI score 7.5, EPSS 0.00049
CVE-2014-6632
added 2014/10/08 7:55 p.m., 208 views

Joomla! 2.5.x before 2.5.25, 3.x before 3.2.4, and 3.3.x before 3.3.4 allows remote attackers to authenticate and bypass intended access restrictions via vectors involving LDAP authentication.

CVSS 7.5, AI score 6.7, EPSS 0.00071
CVE-2016-9838
added 2016/12/16 9:59 a.m., 197 views

An issue was discovered in components/com_users/models/registration.php in Joomla! before 3.6.5. Incorrect filtering of registration form data stored to the session on a validation error enables a user to gain access to a registered user's account and reset the user's group mappings, username, and ...

CVSS 7.5, AI score 8.4, EPSS 0.02871
CVE-2015-8562
added 2015/12/16 9:59 p.m., 188 views

Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015.

CVSS 7.5, AI score 8, EPSS 0.93238
CVE-2023-40626
added 2023/11/29 1:15 p.m., 187 views

The language file parsing process could be manipulated to expose environment variables. Environment variables might contain sensitive information.

CVSS 7.5, AI score 7.4, EPSS 0.00024
CVE-2021-26036
added 2021/07/07 11:15 a.m., 153 views

An issue was discovered in Joomla! 2.5.0 through 3.9.27. Missing validation of input could lead to a broken usergroups table.

CVSS 7.5, AI score 7.3, EPSS 0.00009
CVE-2023-23755
added 2023/05/30 5:15 p.m., 113 views

An issue was discovered in Joomla! 4.2.0 through 4.3.1. The lack of rate limiting allowed brute force attacks against MFA methods.

CVSS 7.5, AI score 7.4, EPSS 0.00004
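The entry above names the failure mode (no rate limit on MFA code checks) without showing what a limit looks like. The following is an added illustration, not Joomla's code: a per-account sliding-window limiter that is consulted before the submitted code is compared, plus a constructed brute-force run showing that only a handful of guesses are ever evaluated. The thresholds, the in-memory store and the injected clock are assumptions for the demo; a real deployment would keep the counters in a store shared by all web nodes.

```python
"""Per-account attempt limiter for MFA/OTP code verification.

Added illustration, not Joomla's code. The thresholds below are assumptions;
the in-memory store and injected clock exist only so the demo runs offline.
"""
import hmac
import time
from collections import defaultdict, deque

MAX_ATTEMPTS = 5          # failures tolerated inside the window (assumed)
WINDOW_SECONDS = 300      # sliding window length (assumed)
LOCKOUT_SECONDS = 900     # how long the account is refused after the limit (assumed)


class MfaAttemptLimiter:
    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._failures = defaultdict(deque)   # user -> timestamps of recent failures
        self._locked_until = {}               # user -> clock value when the lock expires

    def _prune(self, user, now):
        q = self._failures[user]
        while q and now - q[0] > WINDOW_SECONDS:
            q.popleft()

    def is_locked(self, user):
        until = self._locked_until.get(user)
        if until is None:
            return False
        if self._clock() >= until:
            del self._locked_until[user]
            return False
        return True

    def record_failure(self, user):
        now = self._clock()
        self._prune(user, now)
        self._failures[user].append(now)
        if len(self._failures[user]) >= MAX_ATTEMPTS:
            self._locked_until[user] = now + LOCKOUT_SECONDS
            self._failures[user].clear()

    def record_success(self, user):
        self._failures.pop(user, None)
        self._locked_until.pop(user, None)


def verify_code(limiter, user, submitted, expected):
    """Return "ok", "bad_code" or "locked". The limiter is checked before the
    code is compared, so a locked account cannot be probed at all."""
    if limiter.is_locked(user):
        return "locked"
    # constant-time compare so timing does not reveal how many digits matched
    if hmac.compare_digest(submitted.encode(), expected.encode()):
        limiter.record_success(user)
        return "ok"
    limiter.record_failure(user)
    return "bad_code"


def brute_force_demo():
    """Constructed scenario: an attacker cycles through all 6-digit codes at
    10 ms per request. Returns (codes actually checked, last outcome, locked?)."""
    t = [1000.0]
    limiter = MfaAttemptLimiter(clock=lambda: t[0])
    secret_code = "482913"          # constructed stand-in for a live TOTP value
    checked = 0
    outcome = None
    for guess in range(1_000_000):
        outcome = verify_code(limiter, "alice", f"{guess:06d}", secret_code)
        if outcome == "locked":
            break
        checked += 1
        t[0] += 0.01
    return checked, outcome, limiter.is_locked("alice")
```

With the limiter in place the loop evaluates exactly MAX_ATTEMPTS codes before every further request is refused; without it all 1,000,000 candidates would be compared, which at 10 ms each is under three hours.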
CVE-2021-26038
added 2021/07/07 11:15 a.m., 109 views

An issue was discovered in Joomla! 2.5.0 through 3.9.27. The install action in com_installer lacks the required hardcoded ACL checks for superusers. A default system is not affected because the default ACL for com_installer is already limited to super users.

CVSS 7.5, AI score 7.4, EPSS 0.0001
CVE-2021-23132
added 2021/03/04 6:15 p.m., 89 views

An issue was discovered in Joomla! 3.0.0 through 3.9.24. com_media allowed paths that are not intended for image uploads.

CVSS 7.5, AI score 7.5, EPSS 0.65284
CVE-2020-35611
added 2020/12/28 8:15 p.m., 86 views

An issue was discovered in Joomla! 2.5.0 through 3.9.22. The global configuration page does not remove secrets from the HTML output, disclosing the current values.

CVSS 7.5, AI score 7.4, EPSS 0.00012
CVE-2020-35616
added 2020/12/28 8:15 p.m., 85 views

An issue was discovered in Joomla! 1.7.0 through 3.9.22. Lack of input validation while handling ACL rulesets can cause write ACL violations.

CVSS 7.5, AI score 7.5, EPSS 0.0001
CVE-2020-35610
added 2020/12/28 8:15 p.m., 82 views

An issue was discovered in Joomla! 2.5.0 through 3.9.22. The autosuggestion feature of com_finder did not respect the access level of the corresponding terms.

CVSS 7.5, AI score 7.5, EPSS 0.00008
CVE-2018-17856
added 2018/10/09 9:29 p.m., 81 views

An issue was discovered in Joomla! before 3.8.13. com_joomlaupdate allows the execution of arbitrary code. The default ACL config enabled the ability of Administrator-level users to access com_joomlaupdate and trigger code execution.

CVSS 7.2, AI score 7.3, EPSS 0.06046
CVE-2014-7228
added 2014/11/03 10:55 p.m., 80 views

Akeeba Restore (restore.php), as used in Joomla! 2.5.4 through 2.5.25, 3.x through 3.2.5, and 3.3.0 through 3.3.4; Akeeba Backup for Joomla! Professional 3.0.0 through 4.0.2; Backup Professional for WordPress 1.0.b1 through 1.1.3; Solo 1.0.b1 through 1.1.2; Admin Tools Core and Professional 2.0.0 t...

CVSS 7.5, AI score 7.8, EPSS 0.07974
CVE-2025-25227
added 2025/04/08 5:15 p.m., 78 views

Insufficient state checks lead to a vector that allows 2FA checks to be bypassed.

CVSS 7.5, AI score 7, EPSS 0.00002
CVE-2024-40749
added 2025/01/07 5:15 p.m., 73 views

Improper access controls allow access to protected views.

CVSS 7.5, AI score 6.5, EPSS 0.00002
CVE-2015-8565
added 2015/12/16 9:59 p.m., 71 views

Directory traversal vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via unknown vectors.

CVSS 7.5, AI score 7.1, EPSS 0.00064
CVE-2020-35612
added 2020/12/28 8:15 p.m., 70 views

An issue was discovered in Joomla! 2.5.0 through 3.9.22. The folder parameter of mod_random_image lacked input validation, leading to a path traversal vulnerability.

CVSS 7.5, AI score 7.5, EPSS 0.00013
CVE-2021-23131
added 2021/03/04 6:15 p.m., 70 views

An issue was discovered in Joomla! 3.2.0 through 3.9.24. Missing input validation within the template manager.

CVSS 7.5, AI score 7.6, EPSS 0.00029
CVE-2016-9837
added 2016/12/16 9:59 a.m., 69 views

An issue was discovered in templates/beez3/html/com_content/article/default.php in Joomla! before 3.6.5. Inadequate permissions checks in the Beez3 layout override of the com_content article view allow users to view articles that should not be publicly accessible, as demonstrated by an index.php?op...

CVSS 7.5, AI score 8.2, EPSS 0.0001
CVE-2020-10238
added 2020/03/16 4:15 p.m., 67 views

An issue was discovered in Joomla! before 3.9.16. Various actions in com_templates lack the required ACL checks, leading to various potential attack vectors.

CVSS 7.5, AI score 7.3, EPSS 0.03125
CVE-2020-13763
added 2020/06/02 8:15 p.m., 67 views

In Joomla! before 3.9.19, the default settings of the global textfilter configuration do not block HTML inputs for Guest users.

CVSS 7.5, AI score 7.4, EPSS 0.00011
CVE-2013-1453
added 2013/02/13 1:55 a.m., 66 views

plugins/system/highlight/highlight.php in Joomla! 3.0.x through 3.0.2 and 2.5.x through 2.5.8 allows attackers to unserialize arbitrary PHP objects to obtain sensitive information, delete arbitrary directories, conduct SQL injection attacks, and possibly have other impacts via the highlight paramet...

CVSS 7.5, AI score 7.6, EPSS 0.00051
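Two entries in this list, CVE-2015-8562 (serialized PHP object in the User-Agent header) and CVE-2013-1453 (serialized object in the highlight parameter), share one detection signature: the `O:<len>:"<class>":<n>:{` prefix that opens a serialized PHP object. The scanner below is an added detection example, not Joomla's code. It parses Apache combined-format access log lines, unescapes the quoted fields, percent-decodes query-string values, and flags either location. The log lines and the class name "Example" are constructed for the demo; the in-the-wild payloads used other class names.

```python
"""Scan Apache combined-format access logs for PHP serialized objects in the
User-Agent header and in query-string parameters.

Added detection example, not Joomla's code. SAMPLE_LOG is constructed; the
class name "Example" is a placeholder, not a real gadget class."""
import re
from urllib.parse import unquote_plus

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<ua>(?:[^"\\]|\\.)*)"$'
)

# O:<len>:"<class>":<nprops>:{  is how a serialized PHP object begins
PHP_OBJECT_RE = re.compile(r'O:\d+:"[A-Za-z_][\w\\]*":\d+:\{')

# constructed sample: line 2 carries the object in User-Agent, line 3 in
# a percent-encoded "highlight" parameter; lines 1 and 4 are benign
SAMPLE_LOG = r'''
203.0.113.5 - - [12/Dec/2015:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.9 - - [12/Dec/2015:10:01:07 +0000] "GET / HTTP/1.1" 200 5120 "-" "O:7:\"Example\":1:{s:3:\"foo\";s:3:\"bar\";}"
198.51.100.2 - - [12/Dec/2015:10:02:15 +0000] "GET /index.php?highlight=O%3A7%3A%22Example%22%3A1%3A%7Bs%3A3%3A%22foo%22%3Bs%3A3%3A%22bar%22%3B%7D HTTP/1.1" 200 5120 "-" "curl/7.45.0"
198.51.100.7 - - [12/Dec/2015:10:03:00 +0000] "GET /index.php?option=com_content HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
'''


def _unescape(field):
    # Apache writes embedded quotes and backslashes as \" and \\
    return re.sub(r'\\(.)', r'\1', field)


def find_php_objects(line):
    """Return [(location, matched_prefix)] for one log line, [] if clean."""
    m = LOG_RE.match(line)
    if not m:
        return []
    findings = []
    hit = PHP_OBJECT_RE.search(_unescape(m.group("ua")))
    if hit:
        findings.append(("user_agent", hit.group(0)))
    request = _unescape(m.group("request"))
    parts = request.split(" ")
    if len(parts) >= 2 and "?" in parts[1]:
        query = parts[1].split("?", 1)[1]
        for pair in query.split("&"):
            name, _, value = pair.partition("=")
            hit = PHP_OBJECT_RE.search(unquote_plus(value))
            if hit:
                findings.append((f"param:{unquote_plus(name)}", hit.group(0)))
    return findings


def scan_log(text):
    """Return [(line_no, client_ip, findings)] for every flagged line."""
    alerts = []
    for n, line in enumerate(text.strip().splitlines(), start=1):
        findings = find_php_objects(line)
        if findings:
            alerts.append((n, LOG_RE.match(line).group("ip"), findings))
    return alerts
```

Running `scan_log(SAMPLE_LOG)` flags lines 2 and 3 and leaves the two ordinary requests alone. The prefix pattern is deliberately narrow (a class name followed by a property count and an opening brace) so that ordinary text containing "O:" is not reported; an encoding the attacker adds on top, such as base64, would need a decoding pass before this check.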
CVE-2012-1563
added 2020/01/15 1:15 p.m., 65 views

Joomla! before 2.5.3 allows admin account creation.

CVSS 7.5, AI score 7.5, EPSS 0.00421
CVE-2015-7297
added 2015/10/29 8:59 p.m., 64 views

SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7858.

CVSS 7.5, AI score 8.3, EPSS 0.9338
CVE-2015-8564
added 2015/12/16 9:59 p.m., 64 views

Directory traversal vulnerability in Joomla! 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via directory traversal sequences in the XML install file in an extension package archive.

CVSS 7.5, AI score 7.1, EPSS 0.00064
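Three entries above are the same bug in different clothing: an untrusted path that is joined to a base directory without checking that the result stays inside it (tar member names in CVE-2022-23793, the mod_random_image folder parameter in CVE-2020-35612, file paths from an extension's XML install file in CVE-2015-8564). The code below is an added illustration, not Joomla's code. It shows one containment check and applies it to tar extraction, which is the case where a symlink member adds a second trap. The archive is constructed in memory for the demo; the member names and the "dest" directory are assumptions.

```python
"""Containment check for paths taken from untrusted input (archive member
names, paths listed in an extension manifest, a "folder" request parameter).

Added illustration, not Joomla's code. The demo archive is constructed in
memory; member names are assumptions chosen to exercise each rejection."""
import io
import os
import tarfile
import tempfile


def resolve_inside(root, untrusted_path):
    """Absolute destination for untrusted_path under root, or None if it
    would land outside root. Absolute input is refused rather than re-rooted;
    ".." and symlinks already present under root are resolved by realpath."""
    root = os.path.realpath(root)
    if (not untrusted_path or untrusted_path.startswith(("/", "\\"))
            or os.path.isabs(untrusted_path)):
        return None
    candidate = os.path.realpath(os.path.join(root, untrusted_path))
    if candidate == root or candidate.startswith(root + os.sep):
        return candidate
    return None


def safe_extract(tar, dest):
    """Extract only regular files and directories whose resolved path stays
    under dest. Returns (extracted_names, rejected_names)."""
    extracted, rejected = [], []
    for member in tar.getmembers():
        target = resolve_inside(dest, member.name)
        # symlink, hardlink and device members are refused outright: a symlink
        # that points outside dest would let a later member write through it
        if target is None or not (member.isfile() or member.isdir()):
            rejected.append(member.name)
            continue
        if member.isdir():
            os.makedirs(target, exist_ok=True)
        else:
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with tar.extractfile(member) as src, open(target, "wb") as dst:
                dst.write(src.read())
        extracted.append(member.name)
    return extracted, rejected


def build_demo_archive():
    """Constructed tar: one benign member, then a ".." escape, an absolute
    path, and a symlink pointing above the extraction root."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        def add(name, data=b"", typ=tarfile.REGTYPE, linkname=""):
            info = tarfile.TarInfo(name)
            info.type = typ
            info.linkname = linkname
            info.size = len(data) if typ == tarfile.REGTYPE else 0
            tar.addfile(info, io.BytesIO(data) if typ == tarfile.REGTYPE else None)
        add("ext/ext.xml", b"<extension/>")
        add("../../configuration.php", b"<?php // overwrite attempt")
        add("/etc/cron.d/job", b"* * * * * root id")
        add("ext/escape", typ=tarfile.SYMTYPE, linkname="../../..")
    return buf.getvalue()


def demo():
    dest = tempfile.mkdtemp(prefix="extract-demo-")
    with tarfile.open(fileobj=io.BytesIO(build_demo_archive()), mode="r") as tar:
        return safe_extract(tar, dest)
```

`demo()` extracts only `ext/ext.xml` and reports the other three members as rejected. The same `resolve_inside` call is the check to run on each path read from a manifest or supplied as a folder parameter before it is opened. Recent Python releases ship an equivalent policy for archives as `tarfile.extractall(..., filter="data")`; the hand-written version is shown here so the individual rules are visible.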
CVE-2017-9933
added 2017/07/17 9:29 p.m., 62 views

Improper cache invalidation in Joomla! CMS 1.7.3 through 3.7.2 leads to disclosure of form contents.

CVSS 7.5, AI score 7.2, EPSS 0.00045
CVE-2018-11322
added 2018/05/22 3:29 p.m., 62 views

An issue was discovered in Joomla! Core before 3.8.8. Depending on the server configuration, PHAR files might be handled as executable PHP scripts by the webserver.

CVSS 7.5, AI score 7.6, EPSS 0.00219
CVE-2019-10946
added 2019/04/10 7:29 p.m., 59 views

An issue was discovered in Joomla! before 3.9.5. The "refresh list of helpsites" endpoint of com_users lacks access checks, allowing calls from unauthenticated users.

CVSS 7.5, AI score 6.8, EPSS 0.00048
CVE-2018-15881
added 2018/08/29 3:29 a.m., 57 views

An issue was discovered in Joomla! before 3.8.12. Inadequate checks regarding disabled fields can lead to an ACL violation.

CVSS 7.5, AI score 7.4, EPSS 0.00218
CVE-2019-9713
added 2019/03/12 6:29 p.m., 56 views

An issue was discovered in Joomla! before 3.9.4. The sample data plugins lack ACL checks, allowing unauthorized access.

CVSS 7.5, AI score 7.4, EPSS 0.00025
CVE-2024-27187
added 2024/08/20 4:15 p.m., 56 views

Improper access controls allow backend users to overwrite their username when this is disallowed.

CVSS 7.5, AI score 6.5, EPSS 0.00003
CVE-2024-40748
added 2025/01/07 5:15 p.m., 56 views

Lack of output escaping in the id attribute of menu lists.

CVSS 7.5, AI score 6.6, EPSS 0.00003
CVE-2006-4469
added 2006/08/31 8:04 p.m., 55 views

Unspecified vulnerability in PEAR.php in Joomla! before 1.0.11 allows remote attackers to perform "remote execution," related to "Injection Flaws."

CVSS 7.5, AI score 6.7, EPSS 0.00211
CVE-2010-1434
added 2021/06/21 11:15 p.m., 54 views

Joomla! Core is prone to a session fixation vulnerability. An attacker may leverage this issue to hijack an arbitrary session and gain access to sensitive information, which may help in launching further attacks. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vuln...

CVSS 7.5, AI score 7.6, EPSS 0.00006
CVE-2014-7984
added 2014/10/08 7:55 p.m., 53 views

Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote attackers to authenticate and bypass intended restrictions via vectors involving GMail authentication.

CVSS 7.5, AI score 6.8, EPSS 0.0019
CVE-2010-1432
added 2021/06/21 11:15 p.m., 52 views

Joomla! Core is prone to an information disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may help in launching further attacks. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulnerable.

CVSS 7.5, AI score 7.2, EPSS 0.00008
CVE-2015-8769
added 2016/01/12 8:59 p.m., 51 views

SQL injection vulnerability in Joomla! 3.x before 3.4.7 allows attackers to execute arbitrary SQL commands via unspecified vectors.

CVSS 7.5, AI score 7.6, EPSS 0.00599
CVE-2012-1598
added 2012/12/03 9:55 p.m., 50 views

Joomla! 1.5.x before 1.5.26 has unspecified impact and attack vectors related to "insufficient randomness" and a "password reset vulnerability."

CVSS 7.5, AI score 6.7, EPSS 0.01457
CVE-2015-7857
added 2015/10/29 8:59 p.m., 47 views

SQL injection vulnerability in the getListQuery function in administrator/components/com_contenthistory/models/history.php in Joomla! 3.2 before 3.4.5 allows remote attackers to execute arbitrary SQL commands via the list[select] parameter to index.php.

CVSS 7.5, AI score 8.4, EPSS 0.85485
CVE-2015-7858
added 2015/10/29 8:59 p.m., 47 views

SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7297.

CVSS 7.5, AI score 8.3, EPSS 0.9338
CVE-2009-1499
added 2009/05/01 4:30 p.m., 45 views

SQL injection vulnerability in the MailTo (aka com_mailto) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the article parameter in index.php. NOTE: SecurityFocus states that this issue has been disputed by the vendor.

CVSS 7.5, AI score 8.7, EPSS 0.00006
CVE-2010-4696
added 2011/01/18 6:03 p.m., 42 views

Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 allow remote attackers to execute arbitrary SQL commands via the (1) filter_order or (2) filter_order_Dir parameter in a com_contact action to index.php, a different vulnerability than CVE-2010-4166. NOTE: the provenance of this ...

CVSS 7.5, AI score 8.3, EPSS 0.00074
CVE-2012-1116
added 2012/09/26 12:55 a.m., 42 views

SQL injection vulnerability in Joomla! 1.7.x and 2.5.x before 2.5.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVSS 7.5, AI score 8.7, EPSS 0.00119
CVE-2011-3629
added 2020/02/04 1:15 p.m., 41 views

Joomla! core 1.7.1 allows information disclosure due to weak encryption.

CVSS 7.5, AI score 7.2, EPSS 0.00013
CVE-2010-2679
added 2010/07/08 10:30 p.m., 40 views

SQL injection vulnerability in the Weblinks (com_weblinks) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.

CVSS 7.5, AI score 8.6, EPSS 0.00023
CVE-2014-7981
added 2014/10/08 7:55 p.m., 40 views

SQL injection vulnerability in Joomla! CMS 3.1.x and 3.2.x before 3.2.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVSS 7.5, AI score 8.7, EPSS 0.00041
CVE-2010-4166
added 2011/01/18 6:03 p.m., 39 views

Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 allow remote attackers to execute arbitrary SQL commands via (1) the filter_order parameter in a com_weblinks category action to index.php, (2) the filter_order_Dir parameter in a com_weblinks category action to index.php, or (3)...

CVSS 7.5, AI score 8.6, EPSS 0.00024
CVE-2006-4472
added 2006/08/31 8:04 p.m., 38 views

Multiple unspecified vulnerabilities in Joomla! before 1.0.11 allow attackers to bypass user authentication via unknown vectors involving the (1) do_pdf command and the (2) emailform com_content task.

CVSS 7.5, AI score 7.5, EPSS 0.00069
CVE-2008-6852
added 2009/07/07 7:00 p.m., 38 views

SQL injection vulnerability in the Ice Gallery (com_ice) component 0.5 beta 2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.

CVSS 7.5, AI score 8.7, EPSS 0.00021
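The SQL injection entries in this list fall into two groups. Parameters that carry values (the id, article and catid parameters of CVE-2010-2679, CVE-2009-1499 and CVE-2008-6852) are fixed with bound parameters. Parameters that name columns or a sort direction (list[select] in CVE-2015-7857, filter_order and filter_order_Dir in CVE-2010-4696 and CVE-2010-4166) cannot be bound and need an allowlist instead. The block below is an added illustration, not Joomla's code: a vulnerable list query beside a hardened one, run against an in-memory SQLite table with constructed rows. The table layout, column names and the payload are assumptions for the demo.

```python
"""Vulnerable and hardened handling of request parameters that name SQL
columns (list[select], filter_order) or a sort direction (filter_order_Dir).

Added illustration, not Joomla's code. Schema and rows are constructed."""
import sqlite3

SCHEMA = """
CREATE TABLE history (id INTEGER PRIMARY KEY, item_id INTEGER, version TEXT, author TEXT);
INSERT INTO history VALUES (1, 42, '1.0', 'alice'), (2, 42, '1.1', 'bob');
CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT);
INSERT INTO users VALUES (1, 'admin', '$2y$10$constructed-hash');
"""

ALLOWED_COLUMNS = {"id", "item_id", "version", "author"}
ALLOWED_DIRS = {"ASC", "DESC"}


def connect():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def vulnerable_list_query(conn, select, order, direction, item_id):
    # the value parameter item_id is bound, but the column list and the sort
    # clause are pasted into the SQL text straight from the request
    sql = f"SELECT {select} FROM history WHERE item_id = ? ORDER BY {order} {direction}"
    return conn.execute(sql, (item_id,)).fetchall()


def safe_list_query(conn, select, order, direction, item_id):
    # every identifier must be one the application defined; anything else,
    # including a subquery or a comment sequence, is rejected before the
    # SQL text is assembled
    columns = [c.strip() for c in select.split(",")]
    for c in columns:
        if c not in ALLOWED_COLUMNS:
            raise ValueError(f"column not allowed: {c!r}")
    if order not in ALLOWED_COLUMNS:
        raise ValueError(f"sort column not allowed: {order!r}")
    direction = direction.upper()
    if direction not in ALLOWED_DIRS:
        raise ValueError(f"sort direction not allowed: {direction!r}")
    sql = (f"SELECT {', '.join(columns)} FROM history WHERE item_id = ? "
           f"ORDER BY {order} {direction}")
    return conn.execute(sql, (item_id,)).fetchall()


def demo_injection():
    """Run the same list[select]-style payload through both queries.
    Returns (rows the vulnerable query leaked, whether the safe query refused)."""
    conn = connect()
    # a scalar subquery in the column list reads from an unrelated table
    # while leaving the rest of the statement syntactically intact
    payload = "(SELECT password_hash FROM users WHERE username = 'admin'), version"
    leaked = vulnerable_list_query(conn, payload, "id", "ASC", 42)
    try:
        safe_list_query(conn, payload, "id", "ASC", 42)
        blocked = False
    except ValueError:
        blocked = True
    return leaked, blocked
```

`demo_injection()` returns the admin password hash once per history row from the vulnerable query and `True` for the hardened one having refused the payload. Escaping does not help for identifiers, since no quoting makes an arbitrary string into a column name; the allowlist is the only reliable check, and the bound `item_id` shows the separate fix for value parameters.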
Total number of security vulnerabilities: 56