Search Results (631 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2010-4862 2 Harmistechnology, Joomla 2 Com Jedirectory, Joomla\! 2025-04-11 N/A
SQL injection vulnerability in the JExtensions JE Directory (com_jedirectory) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an item action to index.php.
CVE-2010-4864 2 Danieljamesscott, Joomla 2 Com Clubmanager, Joomla\! 2025-04-11 N/A
SQL injection vulnerability in the Club Manager (com_clubmanager) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cm_id parameter in an equip presenta action to index.php.
CVE-2010-4865 2 Harmistechnology, Joomla 2 Com Jeguestbook, Joomla\! 2025-04-11 N/A
SQL injection vulnerability in the JE Guestbook (com_jeguestbook) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the d_itemid parameter in an item_detail action to index.php.
CVE-2010-4898 2 Gantry-framework, Joomla 2 Com Gantry, Joomla\! 2025-04-11 N/A
SQL injection vulnerability in the Gantry (com_gantry) component 3.0.10 for Joomla! allows remote attackers to execute arbitrary SQL commands via the moduleid parameter to index.php.
CVE-2010-4902 2 Joomla, Joomla-clantools 2 Joomla\!, Clantools 2025-04-11 N/A
Multiple SQL injection vulnerabilities in the Clantools (com_clantools) component 1.2.3 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) squad or (2) showgame parameter to index.php.
CVE-2010-5056 2 Gbu Grafici, Joomla 2 Com Gbufacebook, Joomla\! 2025-04-11 N/A
SQL injection vulnerability in the GBU Facebook (com_gbufacebook) component 1.0.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the face_id parameter in a show_face action to index.php.
CVE-2011-4321 1 Joomla 1 Joomla\! 2025-04-11 N/A
The password reset functionality in Joomla! 1.5.x through 1.5.24 uses weak random numbers, which makes it easier for remote attackers to change the passwords of arbitrary users via unspecified vectors.
CVE-2011-4332 1 Joomla 1 Joomla\! 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.6.3 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2023-23750 1 Joomla 1 Joomla\! 2025-03-29 6.3 Medium
An issue was discovered in Joomla! 4.0.0 through 4.2.6. A missing token check causes a CSRF vulnerability in the handling of post-installation messages.
CVE-2024-21724 1 Joomla 1 Joomla\! 2025-03-29 6.1 Medium
Inadequate input validation for media selection fields lead to XSS vulnerabilities in various extensions.
CVE-2023-23751 1 Joomla 1 Joomla\! 2025-03-29 4.3 Medium
An issue was discovered in Joomla! 4.0.0 through 4.2.4. A missing ACL check allows non super-admin users to access com_actionlogs.
CVE-2024-26279 1 Joomla 1 Joomla\! 2025-03-26 6.1 Medium
The wrapper extensions do not correctly validate inputs, leading to XSS vectors.
CVE-2024-21729 1 Joomla 1 Joomla\! 2025-03-26 6.1 Medium
Inadequate input validation leads to XSS vulnerabilities in the accessiblemedia field.
CVE-2024-21730 1 Joomla 1 Joomla\! 2025-03-20 5.4 Medium
The fancyselect list field layout does not correctly escape inputs, leading to a self-XSS vector.
CVE-2024-26278 1 Joomla 1 Joomla\! 2025-03-14 4.6 Medium
The Custom Fields component not correctly filter inputs, leading to a XSS vector.
CVE-2024-21731 1 Joomla 1 Joomla\! 2025-03-14 6.1 Medium
Improper handling of input could lead to an XSS vector in the StringHelper::truncate method.
CVE-2023-23754 1 Joomla 1 Joomla\! 2025-01-10 6.1 Medium
An issue was discovered in Joomla! 4.2.0 through 4.3.1. Lack of input validation caused an open redirect and XSS issue within the new mfa selection screen.
CVE-2023-23755 1 Joomla 1 Joomla\! 2025-01-10 7.5 High
An issue was discovered in Joomla! 4.2.0 through 4.3.1. The lack of rate limiting allowed brute force attacks against MFA methods.
CVE-2023-40626 1 Joomla 1 Joomla\! 2024-12-04 7.5 High
The language file parsing process could be manipulated to expose environment variables. Environment variables might contain sensible information.
CVE-2022-27914 1 Joomla 1 Joomla\! 2024-11-26 6.1 Medium
An issue was discovered in Joomla! 4.0.0 through 4.2.4. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in com_media.