Vulnerabilities > Joomla

DATE | CVE | VULNERABILITY TITLE | RISK

2011-11-23 | CVE-2010-5053 | SQL Injection vulnerability in PHP-Shop-System COM Xobbix 1.0.1 | 7.5 (network, low complexity)
SQL injection vulnerability in the XOBBIX (com_xobbix) component 1.0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the prodid parameter in a prod_desc action to index.php.
php-shop-system joomla CWE-89

2011-11-23 | CVE-2010-5048 | Cross-Site Scripting vulnerability in Joomlatune COM Jcomments 2.1.0.0 | 4.3
Cross-site scripting (XSS) vulnerability in admin.jcomments.php in the JoomlaTune JComments (com_jcomments) component 2.1.0.0 for Joomla! allows remote authenticated users to inject arbitrary web script or HTML via the name parameter to index.php.

2011-11-02 | CVE-2010-5044 | SQL Injection vulnerability in Kanich COM Searchlog 3.1.0 | 6.0 (network)
SQL injection vulnerability in models/log.php in the Search Log (com_searchlog) component 3.1.0 for Joomla! allows remote authenticated users, with Public Back-end privileges, to execute arbitrary SQL commands via the search parameter in a log action to administrator/index.php.
kanich joomla CWE-89

2011-11-02 | CVE-2010-5043 | SQL Injection vulnerability in Blueconstantmedia COM Djartgallery 0.9.1 | 6.0
SQL injection vulnerability in the DJ-ArtGallery (com_djartgallery) component 0.9.1 for Joomla! allows remote authenticated users to execute arbitrary SQL commands via the cid[] parameter in an editItem action to administrator/index.php.

2011-11-02 | CVE-2010-5042 | Cross-Site Scripting vulnerability in Blueconstantmedia COM Djartgallery 0.9.1 | 4.3
Cross-site scripting (XSS) vulnerability in the DJ-ArtGallery (com_djartgallery) component 0.9.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the cid[] parameter in an editItem action to administrator/index.php.

2011-11-02 | CVE-2010-5032 | SQL Injection vulnerability in Tamlyncreative COM Bfquiztrial | 7.5 (network, low complexity)
SQL injection vulnerability in the BF Quiz (com_bfquiztrial) component before 1.3.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a bfquiztrial action to index.php.
tamlyncreative joomla CWE-89

2011-11-02 | CVE-2010-5028 | SQL Injection vulnerability in Harmistechnology COM Jejob 1.0 | 7.5 (network, low complexity)
SQL injection vulnerability in the JExtensions JE Job (com_jejob) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an item action to index.php.
harmistechnology joomla CWE-89

2011-11-02 | CVE-2010-5022 | SQL Injection vulnerability in Harmistechnology COM Jesubmit 1.4 | 7.5 (network, low complexity)
SQL injection vulnerability in the JExtensions JE Story Submit (com_jesubmit) component 1.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the view parameter to index.php.
harmistechnology joomla CWE-89

2011-11-02 | CVE-2010-4971 | Cross-Site Scripting vulnerability in Videowhisper PHP 2 WAY Video Chat | 4.3
Cross-site scripting (XSS) vulnerability in VideoWhisper PHP 2 Way Video Chat component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the r parameter to index.php.

2011-11-01 | CVE-2010-5003 | SQL Injection vulnerability in Autartica COM Autartimonial 1.0.8 | 7.5 (network, low complexity)
SQL injection vulnerability in the AutarTimonial (com_autartimonial) component 1.0.8 for Joomla! allows remote attackers to execute arbitrary SQL commands via the limit parameter in an autartimonial action to index.php.
autartica joomla CWE-89