Vulnerabilities > Joomla > Joomla > 1.0.9
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-01-30 | CVE-2018-6377 | Cross-site Scripting vulnerability in Joomla Joomla! In Joomla! before 3.8.4, inadequate input filtering in com_fields leads to an XSS vulnerability in multiple field types, i.e., list, radio, and checkbox | 4.3 |
2018-01-30 | CVE-2018-6376 | SQL Injection vulnerability in Joomla Joomla! In Joomla! before 3.8.4, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Hathor postinstall message. | 7.5 |
2017-08-02 | CVE-2017-11364 | Improper Certificate Validation vulnerability in Joomla Joomla! The CMS installer in Joomla! before 3.7.4 does not verify a user's ownership of a webspace, which allows remote authenticated users to gain control of the target application by leveraging Certificate Transparency logs. | 6.5 |
2016-12-16 | CVE-2016-9838 | Improper Access Control vulnerability in Joomla Joomla! An issue was discovered in components/com_users/models/registration.php in Joomla! before 3.6.5. | 5.0 |
2016-12-16 | CVE-2016-9837 | Permissions, Privileges, and Access Controls vulnerability in Joomla Joomla! An issue was discovered in templates/beez3/html/com_content/article/default.php in Joomla! before 3.6.5. | 5.0 |
2016-12-05 | CVE-2016-9836 | Improper Access Control vulnerability in Joomla Joomla! The file scanning mechanism of JFilterInput::isFileSafe() in Joomla! CMS before 3.6.5 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to upload and execute files with the `.php6`, `.php7`, `.phtml`, and `.phpt` extensions. | 7.5 |
2016-11-04 | CVE-2016-8870 | Improper Input Validation vulnerability in Joomla Joomla! The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create user accounts by leveraging failure to check the Allow User Registration configuration setting. | 8.1 |
2016-11-04 | CVE-2016-8869 | Improper Input Validation vulnerability in Joomla Joomla! The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4 allows remote attackers to gain privileges by leveraging incorrect use of unfiltered data when registering on a site. | 9.8 |
2014-10-20 | CVE-2012-2413 | Cross-Site Scripting vulnerability in Joomla Joomla! Cross-site scripting (XSS) vulnerability in the ja_purity template for Joomla! 1.5.26 and earlier allows remote attackers to inject arbitrary web script or HTML via the Mod* cookie parameter to html/modules.php. | 4.3 |
2012-10-07 | CVE-2011-4911 | Improper Input Validation vulnerability in Joomla Joomla! Joomla! before 1.5.12 does not perform a JEXEC check in unspecified files, which allows remote attackers to obtain the installation path via unspecified vectors. | 5.0 |