Vulnerabilities > Joomla > Joomla > 3.2.7
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-01-30 | CVE-2018-6377 | Cross-site Scripting vulnerability in Joomla Joomla! In Joomla! before 3.8.4, inadequate input filtering in com_fields leads to an XSS vulnerability in multiple field types, i.e., list, radio, and checkbox | 4.3 |
2018-01-30 | CVE-2018-6376 | SQL Injection vulnerability in Joomla Joomla! In Joomla! before 3.8.4, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Hathor postinstall message. | 7.5 |
2017-11-10 | CVE-2017-16634 | Improper Authentication vulnerability in Joomla Joomla! In Joomla! before 3.8.2, a bug allowed third parties to bypass a user's 2-factor authentication method. | 7.5 |
2017-09-20 | CVE-2017-14596 | LDAP Injection vulnerability in Joomla Joomla! In Joomla! before 3.8.0, inadequate escaping in the LDAP authentication plugin can result in a disclosure of a username and password. | 5.0 |
2017-09-20 | CVE-2015-5608 | Open Redirect vulnerability in Joomla Joomla! Open redirect vulnerability in Joomla! CMS 3.0.0 through 3.4.1. | 5.8 |
2017-08-02 | CVE-2017-11364 | Improper Certificate Validation vulnerability in Joomla Joomla! The CMS installer in Joomla! before 3.7.4 does not verify a user's ownership of a webspace, which allows remote authenticated users to gain control of the target application by leveraging Certificate Transparency logs. | 6.5 |
2017-04-25 | CVE-2017-7985 | Cross-site Scripting vulnerability in Joomla Joomla! In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of multibyte characters leads to XSS vulnerabilities in various components. | 4.3 |
2016-12-30 | CVE-2016-10045 | Command Injection vulnerability in multiple products The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail function in PHP. | 7.5 |
2016-12-30 | CVE-2016-10033 | Argument Injection or Modification vulnerability in multiple products The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property. | 9.8 |
2016-12-16 | CVE-2016-9838 | Improper Access Control vulnerability in Joomla Joomla! An issue was discovered in components/com_users/models/registration.php in Joomla! before 3.6.5. | 5.0 |