Vulnerabilities > Joomla

DATE CVE VULNERABILITY TITLE RISK
2007-03-27 CVE-2007-1703 SQL Injection vulnerability in Joomla RWCards Component
SQL injection vulnerability in index.php in the RWCards (com_rwcards) 2.4.3 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter.
network
low complexity
joomla
7.5
2007-03-27 CVE-2007-1699 Remote File Include vulnerability in Mambo SWMenu MosConfig_Absolute_Path Parameter
Multiple PHP remote file inclusion vulnerabilities in the SWmenu (com_swmenupro and com_swmenufree) 4.0 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to ImageManager/Classes/ImageManager.php under the (1) components/ or (2) administrator/components/ directory trees.
network
low complexity
joomla mambo
critical
10.0
2007-03-22 CVE-2007-1596 Remote File Include vulnerability in NFN Address Book mosConfig_Absolute_Path
Multiple PHP remote file inclusion vulnerabilities in the NFN Address Book (com_nfn_addressbook) 0.4 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) components/com_nfn_addressbook/nfnaddressbook.php or (2) administrator/components/com_nfn_addressbook/nfnaddressbook.php.
network
joomla mambo
critical
9.3
2007-03-06 CVE-2006-7126 SQL-Injection vulnerability in Joomla BSQ Sitestats 1.8.0/2.1.1
SQL injection vulnerability in Joomla BSQ Sitestats 1.8.0 and 2.2.1 allows remote attackers to execute arbitrary SQL commands via the query string, possibly PHP_SELF.
network
joomla
6.8
2007-03-06 CVE-2006-7125 Cross-Site Scripting vulnerability in Joomla BSQ Sitestats 1.8.0/2.1.1
Cross-site scripting (XSS) vulnerability in Joomla BSQ Sitestats 1.8.0 and 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header, which is not properly handled when the administrator views site statistics.
network
joomla
6.8
2007-03-06 CVE-2006-7124 Input Validation vulnerability in Joomla BSQ Sitestats 1.8.0
PHP remote file inclusion vulnerability in external/rssfeeds.php in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allows remote attackers to execute arbitrary PHP code via the baseDir parameter.
network
low complexity
joomla
7.5
2007-03-06 CVE-2006-7123 SQL-Injection vulnerability in Joomla BSQ Sitestats 1.8.0
Multiple SQL injection vulnerabilities in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allow remote attackers to execute arbitrary SQL commands via (1) unspecified parameters when importing the (a) ip-to-country.csv file; and the (2) HTTP Referer, (3) HTTP User Agent, and (4) HTTP Accept Language headers to (b) bsqtemplateinc.php.
network
low complexity
joomla
7.5
2007-03-06 CVE-2006-7122 Cross-Site Scripting vulnerability in Joomla BSQ Sitestats 1.8.0
Cross-site scripting (XSS) vulnerability in the IP Address Lookup functionality in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allows remote attackers to inject arbitrary web script and HTML via the ip parameter.
network
joomla
6.8
2007-02-12 CVE-2006-7010 SQL-Injection vulnerability in Joomla
The mosgetparam implementation in Joomla! before 1.0.10 does not set a variable's data type to integer when the variable's default value is numeric, which has unspecified impact and attack vectors, and may permit SQL injection attacks.
network
low complexity
joomla
7.5
2007-02-12 CVE-2006-7009 Remote Security vulnerability in Joomla
Joomla! before 1.0.10 allows remote attackers to spoof the frontend submission forms, which has unknown impact and attack vectors.
network
low complexity
joomla
7.5