Vulnerabilities > Joomla > Joomla > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-01-19 | CVE-2007-0373 | SQL Injection vulnerability in Joomla 1.5.0Beta Multiple SQL injection vulnerabilities in Joomla! 1.5.0 Beta allow remote attackers to execute arbitrary SQL commands via (1) the searchword parameter in certain files; the where parameter in (2) plugins/search/content.php or (3) plugins/search/weblinks.php; the text parameter in (4) plugins/search/contacts.php, (5) plugins/search/categories.php, or (6) plugins/search/sections.php; or (7) the email parameter in database/table/user.php, which is not properly handled by the check function. network joomla | 6.8 |
| 2006-12-31 | CVE-2006-6834 | Cross-Site Scripting vulnerability in Joomla Multiple unspecified vulnerabilities in Joomla! before 1.0.12 have unknown impact and attack vectors related to (1) "unneeded legacy functions" and (2) "Several low level security fixes." network joomla | 6.8 |
| 2006-12-31 | CVE-2006-6832 | Cross-Site Scripting vulnerability in Joomla Cross-site scripting (XSS) vulnerability in Joomla! before 1.0.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to poll.php or the module title. | 4.3 |
| 2006-08-31 | CVE-2006-4474 | Cross-Site Scripting vulnerability in Joomla 1.0.9 Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.11 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in (1) Admin Module Manager, (2) Admin Help, and (3) Search. network joomla | 6.8 |
| 2006-08-31 | CVE-2006-4473 | Unspecified vulnerability in Joomla 1.0.9 Unspecified vulnerability in com_content in Joomla! before 1.0.11, when $mosConfig_hideEmail is set, allows attackers to perform the emailform and emailsend tasks. | 5.1 |
| 2006-08-31 | CVE-2006-4471 | Unrestricted Upload of File with Dangerous Type vulnerability in Joomla Joomla! The Admin Upload Image functionality in Joomla! before 1.0.11 allows remote authenticated users to upload files outside of the /images/stories/ directory via unspecified vectors. | 6.5 |
| 2006-08-31 | CVE-2006-4468 | Improper Input Validation vulnerability in Joomla Joomla! Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related to unvalidated input, allow attackers to have an unknown impact via unspecified vectors involving the (1) mosMail, (2) JosIsValidEmail, and (3) josSpoofValue functions; (4) the lack of inclusion of globals.php in administrator/index.php; (5) the Admin User Manager; and (6) the poll module. | 6.8 |
| 2006-08-31 | CVE-2006-4466 | Improper Input Validation vulnerability in Joomla 1.0.9 Joomla! before 1.0.11 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to have an unspecified impact. | 5.0 |
| 2006-07-10 | CVE-2006-3480 | Input Validation vulnerability in Joomla! Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.10 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters involving the (1) getUserStateFromRequest function, and the (2) SEF and (3) com_messages modules. network joomla | 5.8 |
| 2006-03-07 | CVE-2006-1048 | Security Bypass vulnerability in Joomla Joomla! 1.0.7 and earlier allows attackers to bypass intended access restrictions and gain certain privileges via certain attack vectors related to the (1) Weblink, (2) Polls, (3) Newsfeeds, (4) Weblinks, (5) Content, (6) Content Section, (7) Content Category, (8) Contact items, or (9) Contact Search, (10) Content Search, (11) Newsfeed Search, or (12) Weblink Search. | 5.0 |