Vulnerabilities > Joomla > Joomla > Critical

DATE CVE VULNERABILITY TITLE RISK

2019-06-11 CVE-2019-12765 Improper Neutralization of Formula Elements in a CSV File vulnerability in Joomla Joomla!
An issue was discovered in Joomla! before 3.9.7.
network
low complexity
joomla CWE-1236
critical
9.8

2019-05-09 CVE-2019-11831 Deserialization of Untrusted Data vulnerability in multiple products
The PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 does not prevent directory traversal, which allows attackers to bypass a deserialization protection mechanism, as demonstrated by a phar:///path/bad.phar/../good.phar URL.
network
low complexity
typo3 debian fedoraproject drupal joomla CWE-502
critical
9.8

2016-12-30 CVE-2016-10033 Argument Injection or Modification vulnerability in multiple products
The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.
network
low complexity
phpmailer-project wordpress joomla CWE-88
critical
9.8

2016-11-04 CVE-2016-8869 Improper Input Validation vulnerability in Joomla Joomla!
The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4 allows remote attackers to gain privileges by leveraging incorrect use of unfiltered data when registering on a site.
network
low complexity
joomla CWE-20
critical
9.8

2013-01-24 CVE-2012-6503 Security vulnerability in Ninjaforge COM Ninjaxplorer 1.0.4/1.0.5/1.0.6
Unspecified vulnerability in the NinjaXplorer component before 1.0.7 for Joomla! has unknown impact and attack vectors.
network
low complexity
ninjaforge joomla
critical
10.0

2012-11-26 CVE-2010-5286 Path Traversal vulnerability in Joobi COM Jstore
Directory traversal vulnerability in Jstore (com_jstore) component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a ..
network
low complexity
joobi joomla CWE-22
critical
10.0

2008-11-13 CVE-2008-5053 Code Injection vulnerability in Joomla COM Rssreader 1.0
PHP remote file inclusion vulnerability in admin.rssreader.php in the Simple RSS Reader (com_rssreader) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
network
low complexity
joomla CWE-94
critical
10.0

2008-10-22 CVE-2008-4668 Path Traversal vulnerability in Joomla COM Imagebrowser 0.1.5
Directory traversal vulnerability in the Image Browser (com_imagebrowser) 0.1.5 component for Joomla! allows remote attackers to include and execute arbitrary local files via a ..
network
low complexity
joomla CWE-22
critical
9.0

2008-07-18 CVE-2008-3225 Permissions, Privileges, and Access Controls vulnerability in Joomla
Joomla! before 1.5.4 allows attackers to access administration functionality, which has unknown impact and attack vectors related to a missing "LDAP security fix."
network
low complexity
joomla CWE-264
critical
10.0

2008-03-24 CVE-2008-1465 SQL Injection vulnerability in Detodas COM Restaurante 1.0
SQL injection vulnerability in the Detodas Restaurante (com_restaurante) 1.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php, a different product than CVE-2008-0562.
9.3