Vulnerabilities > Joomla > Joomla > 1.5rc4

| DATE | CVE | VULNERABILITY TITLE | RISK |
| --- | --- | --- | --- |
| 2009-09-16 | CVE-2009-3215 | SQL Injection vulnerability in PHP-Shop-System Ixxo Cart: SQL injection vulnerability in IXXO Cart Standalone before 3.9.6.1, and the IXXO Cart component for Joomla! 1.0.x, allows remote attackers to execute arbitrary SQL commands via the parent parameter. (php-shop-system, joomla, CWE-89) | 7.5 (network, low complexity) |
| 2009-02-26 | CVE-2008-6299 | Cross-Site Scripting vulnerability in Joomla: Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5.7 and earlier allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) the title and description parameters to the com_weblinks module and (2) unspecified vectors in the com_content module related to "article submission." (joomla, CWE-79) | 3.5 (network) |
| 2008-01-04 | CVE-2007-6645 | Permissions, Privileges, and Access Controls vulnerability in Joomla 1.5Rc4: Unspecified vulnerability in Joomla! before 1.5 RC4 allows remote authenticated users to gain privileges via unspecified vectors, aka "registered user privilege escalation vulnerability." (joomla, CWE-264) | 7.5 (network, low complexity) |
| 2008-01-04 | CVE-2007-6644 | Permissions, Privileges, and Access Controls vulnerability in Joomla 1.5Rc4: Joomla! before 1.5 RC4 allows remote authenticated administrators to promote arbitrary users to the administrator group, in violation of the intended security model. (joomla, CWE-264) | 6.5 (network, low complexity) |
| 2008-01-04 | CVE-2007-6643 | Cross-Site Scripting vulnerability in Joomla 1.5Rc4: Cross-site scripting (XSS) vulnerability in the com_poll component in Joomla! before 1.5 RC4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. (joomla, CWE-79) | 4.3 (network) |
| 2008-01-04 | CVE-2007-6642 | Cross-Site Request Forgery (CSRF) vulnerability in Joomla 1.5Rc4: Multiple cross-site request forgery (CSRF) vulnerabilities in Joomla! before 1.5 RC4 allow remote attackers to (1) add a Super Admin, (2) upload an extension containing arbitrary PHP code, and (3) modify the configuration as administrators via unspecified vectors. (joomla, CWE-352) | 6.8 (network) |