Vulnerabilities > Joomla
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2012-09-06 | CVE-2006-7247 | SQL Injection vulnerability in Joomla COM Weblinks SQL injection vulnerability in the Weblinks (com_weblinks) component for Joomla! and Mambo 1.0.9 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter. | 7.5 |
| 2012-09-06 | CVE-2012-4868 | SQL Injection vulnerability in Kunena 1.7.2 SQL injection vulnerability in news.php in the Kunena component 1.7.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
| 2012-08-31 | CVE-2011-5148 | Remote Code Execution vulnerability in Wasen MOD Simplefileupload 1.0/1.1/1.3 Multiple incomplete blacklist vulnerabilities in the Simple File Upload (mod_simplefileuploadv1.3) module before 1.3.5 for Joomla! allow remote attackers to execute arbitrary code by uploading a file with a (1) php5, (2) php6, or (3) double (e.g. | 6.8 |
| 2012-08-30 | CVE-2011-5134 | File-Upload vulnerability in Com Jce Unrestricted file upload vulnerability in editor/extensions/browser/file.php in the JCE component before 2.0.18 for Joomla! allows remote authenticated users with the author privileges to execute arbitrary PHP code by uploading a file with a double extension, as demonstrated by .php.gif. | 6.0 |
| 2012-08-23 | CVE-2011-5113 | SQL Injection vulnerability in Techdeluge COM Techfolio 1.0 SQL injection vulnerability in frontend/models/techfoliodetail.php in Techfolio (com_techfolio) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter. | 7.5 |
| 2012-08-23 | CVE-2011-5112 | SQL Injection vulnerability in Blueflyingfish COM Alameda SQL injection vulnerability in Alameda (com_alameda) component before 1.0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the storeid parameter to index.php. | 7.5 |
| 2012-08-14 | CVE-2011-5099 | SQL Injection vulnerability in Chillcreations MOD Ccnewsletter 1.0.7/1.0.8/1.0.9 SQL injection vulnerability in helper/popup.php in the ccNewsletter (mod_ccnewsletter) component 1.0.7 through 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
| 2012-08-13 | CVE-2012-4256 | Information Exposure vulnerability in Joobi COM Jnews 7.5.1 The jNews (com_jnews) component 7.5.1 for Joomla! allows remote attackers to obtain sensitive information via the emailsearch parameter, which reveals the installation path in an error message. | 5.0 |
| 2012-08-10 | CVE-2012-4235 | Information Exposure vulnerability in Rsgallery2 COM Rsgallery2 The RSGallery2 (com_rsgallery2) component before 3.2.0 for Joomla! 2.5.x does not place index.html files in image directories, which allows remote attackers to list image filenames via a request for a directory URI. | 5.0 |
| 2012-08-10 | CVE-2012-4071 | Cross-Site Scripting vulnerability in Rsgallery2 COM Rsgallery2 Cross-site scripting (XSS) vulnerability in the comments module in the RSGallery2 (com_rsgallery2) component before 2.3.0 for Joomla! 1.5.x, and before 3.2.0 for Joomla! 2.5.x, allows remote attackers to inject arbitrary web script or HTML via crafted BBCode markup in a comment. | 4.3 |