Vulnerabilities > Joomla > Joomla > 3.1.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-11-04 | CVE-2016-8869 | Improper Input Validation vulnerability in Joomla Joomla! The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4 allows remote attackers to gain privileges by leveraging incorrect use of unfiltered data when registering on a site. | 9.8 |
2016-01-12 | CVE-2015-8769 | SQL Injection vulnerability in Joomla Joomla! SQL injection vulnerability in Joomla! 3.x before 3.4.7 allows attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2015-12-16 | CVE-2015-8562 | Improper Input Validation vulnerability in Joomla Joomla! Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015. | 7.5 |
2014-11-03 | CVE-2014-7228 | Cryptographic Issues vulnerability in Joomla Joomla! Akeeba Restore (restore.php), as used in Joomla! 2.5.4 through 2.5.25, 3.x through 3.2.5, and 3.3.0 through 3.3.4; Akeeba Backup for Joomla! Professional 3.0.0 through 4.0.2; Backup Professional for WordPress 1.0.b1 through 1.1.3; Solo 1.0.b1 through 1.1.2; Admin Tools Core and Professional 2.0.0 through 2.4.4; and CMS Update 1.0.a1 through 1.0.1, when performing a backup or update for an archive, does not delete parameters from $_GET and $_POST when it is cleansing $_REQUEST, but later accesses $_GET and $_POST using the getQueryParam function, which allows remote attackers to bypass encryption and execute arbitrary code via a command message that extracts a crafted archive. | 7.5 |
2014-10-08 | CVE-2014-7984 | Permissions, Privileges, and Access Controls vulnerability in Joomla Joomla! Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote attackers to authenticate and bypass intended restrictions via vectors involving GMail authentication. | 7.5 |
2014-10-08 | CVE-2014-7982 | Cross-Site Scripting vulnerability in Joomla Joomla! Cross-site scripting (XSS) vulnerability in Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2014-10-08 | CVE-2014-7981 | SQL Injection vulnerability in Joomla Joomla! SQL injection vulnerability in Joomla! CMS 3.1.x and 3.2.x before 3.2.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2013-10-09 | CVE-2013-5576 | Improper Input Validation vulnerability in Joomla Joomla! administrator/components/com_media/helpers/media.php in the media manager in Joomla! 2.5.x before 2.5.14 and 3.x before 3.1.5 allows remote authenticated users or remote attackers to bypass intended access restrictions and upload files with dangerous extensions via a filename with a trailing . | 6.8 |