Vulnerabilities > Joobi > Jnews

DATE CVE VULNERABILITY TITLE RISK
2020-03-09 CVE-2015-7342 SQL Injection vulnerability in Joobi Jnews 8.3.1
JNews Joomla Component before 8.5.0 allows SQL injection via upload thumbnail, Queue Search Field, Subscribers Search Field, or Newsletters Search Field.
network
low complexity
joobi CWE-89
6.5
2020-03-09 CVE-2015-7341 Unrestricted Upload of File with Dangerous Type vulnerability in Joobi Jnews 8.3.1
JNews Joomla Component before 8.5.0 allows arbitrary File Upload via Subscribers or Templates, as demonstrated by the .php5 extension.
network
low complexity
joobi CWE-434
6.5
2020-03-09 CVE-2015-7343 Cross-site Scripting vulnerability in Joobi Jnews 8.3.1
JNews Joomla Component before 8.5.0 has XSS via the mailingsearch parameter.
network
joobi CWE-79
3.5