8 matches found

CVE
added 2016/12/30 7:59 p.m. | 493 views

CVE-2016-10033

The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.

CVSS 9.8 | AI score 9.8 | EPSS 0.94366

CVE
added 2016/12/30 7:59 p.m. | 247 views

CVE-2016-10045

The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail function in PHP. NOTE:...

CVSS 9.8 | AI score 10 | EPSS 0.94366

CVE
added 2016/12/16 9:59 a.m. | 199 views

CVE-2016-9838

An issue was discovered in components/com_users/models/registration.php in Joomla! before 3.6.5. Incorrect filtering of registration form data stored to the session on a validation error enables a user to gain access to a registered user's account and reset the user's group mappings, username, and ...

CVSS 7.5 | AI score 8.4 | EPSS 0.02871

CVE
added 2016/11/04 9:59 p.m. | 138 views

CVE-2016-8870

The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create user accounts by leveraging failure to check the Allow User Registration configuration setting.

CVSS 8.1 | AI score 8.7 | EPSS 0.91921

CVE
added 2016/11/04 9:59 p.m. | 135 views

CVE-2016-8869

The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4 allows remote attackers to gain privileges by leveraging incorrect use of unfiltered data when registering on a site.

CVSS 9.8 | AI score 9.4 | EPSS 0.93416

CVE
added 2016/12/05 5:59 p.m. | 75 views

CVE-2016-9836

The file scanning mechanism of JFilterInput::isFileSafe() in Joomla! CMS before 3.6.5 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to upload and execute files with the .php6, .php7, .phtml, and .phpt extensions. Additionally, J...

CVSS 9.8 | AI score 9.4 | EPSS 0.00374

CVE
added 2016/12/16 9:59 a.m. | 69 views

CVE-2016-9837

An issue was discovered in templates/beez3/html/com_content/article/default.php in Joomla! before 3.6.5. Inadequate permissions checks in the Beez3 layout override of the com_content article view allow users to view articles that should not be publicly accessible, as demonstrated by an index.php?op...

CVSS 7.5 | AI score 8.2 | EPSS 0.0001

CVE
added 2016/01/12 8:59 p.m. | 51 views

CVE-2015-8769

SQL injection vulnerability in Joomla! 3.x before 3.4.7 allows attackers to execute arbitrary SQL commands via unspecified vectors.

CVSS 7.5 | AI score 7.6 | EPSS 0.00599