Joomla Security Vulnerabilities and Issues — Joomla CVE List

Lucene search

JoomlaJoomla

9 matches found

CVE•added 2007/10/09 9:17 p.m.•64 views

CVE-2007-5310

PHP remote file inclusion vulnerability in admin.wmtportfolio.php in the webmaster-tips.net wmtportfolio 1.0 (com_wmtportfolio) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

6.8CVSS7.6AI score0.00168EPSS

CVE•added 2007/10/14 6:17 p.m.•63 views

CVE-2007-5451

PHP remote file inclusion vulnerability in admin.color.php in the com_colorlab (aka com_color) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.

6.8CVSS7.5AI score0.00107EPSS

CVE•added 2007/10/11 1:17 a.m.•53 views

CVE-2007-5362

Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia Lite (com_mosmedia) 4.5.1 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) credits.html.php, (2) info.html.php, (3) ...

6.8CVSS7.3AI score0.05269EPSS

CVE•added 2007/10/09 9:17 p.m.•51 views

CVE-2007-5309

PHP remote file inclusion vulnerability in admin.wmtgallery.php in the webmaster-tips.net Flash Image Gallery (com_wmtgallery) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.

6.8CVSS7.7AI score0.07977EPSS

CVE•added 2007/10/12 6:17 p.m.•50 views

CVE-2007-5410

PHP remote file inclusion vulnerability in admin.wmtrssreader.php in the webmaster-tips.net Flash RSS Reader (com_wmtrssreader) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.

6.8CVSS7.7AI score0.00339EPSS

CVE•added 2007/10/14 7:17 p.m.•47 views

CVE-2007-5457

Multiple PHP remote file inclusion vulnerabilities in Michael Dempfle Joomla Flash Uploader (com_jfu or com_joomla_flash_uploader) 2.5.1 component for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) install.joomla_flash_uploader...

6.8CVSS7.8AI score0.00264EPSS

CVE•added 2007/10/11 1:17 a.m.•43 views

CVE-2007-5363

PHP remote file inclusion vulnerability in admin.panoramic.php in the Panoramic Picture Viewer (com_panoramic) mambot (plugin) 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter. NOTE: the provenance of this information is unknown; t...

6.8CVSS7.3AI score0.00144EPSS

CVE•added 2007/10/12 10:17 a.m.•40 views

CVE-2007-5389

PHP remote file inclusion vulnerability in preview.php in the swMenuFree (com_swmenufree) 4.6 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: a reliable third party disputes this issue because preview.php tests a ...

6.8CVSS7.6AI score0.00047EPSS

CVE•added 2007/10/12 11:17 p.m.•39 views

CVE-2007-5427

Cross-site scripting (XSS) vulnerability in the com_search component in Joomla! 1.0.13 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchword parameter. NOTE: this might be related to CVE-2007-4189.1.

4.3CVSS5.7AI score0.00368EPSS