Vulnerabilities > Joomla > COM Facileforms > High

DATE CVE VULNERABILITY TITLE RISK
2008-07-02 CVE-2008-2990 Code Injection vulnerability in multiple products
PHP remote file inclusion vulnerability in facileforms.frame.php in the FacileForms (com_facileforms) component 1.4.4 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the ff_compath parameter.
network
low complexity
joomla mambo CWE-94
7.5
2008-02-21 CVE-2008-0855 SQL Injection vulnerability in multiple products
SQL injection vulnerability in the Facile Forms (com_facileforms) component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
network
low complexity
joomla mambo CWE-89
7.5