Vulnerabilities > Joomla > Critical
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2020-02-05 | CVE-2011-1151 | SQL Injection vulnerability in Joomla Joomla! 1.6.0 | Joomla! 1.6.0 is vulnerable to SQL Injection via the filter_order and filter_order_Dir parameters. | 9.1 |
2019-12-18 | CVE-2019-19846 | SQL Injection vulnerability in Joomla Joomla! | In Joomla! before 3.9.14, the lack of validation of configuration parameters used in SQL queries caused various SQL injection vectors. | 9.8 |
2019-06-11 | CVE-2019-12765 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Joomla Joomla! | An issue was discovered in Joomla! before 3.9.7. | 9.8 |
2019-05-09 | CVE-2019-11831 | Deserialization of Untrusted Data vulnerability in multiple products | The PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 does not prevent directory traversal, which allows attackers to bypass a deserialization protection mechanism, as demonstrated by a phar:///path/bad.phar/../good.phar URL. | 9.8 |
2019-04-10 | CVE-2019-10945 | Path Traversal vulnerability in Joomla Joomla! | An issue was discovered in Joomla! before 3.9.5. | 9.8 |
2019-02-12 | CVE-2019-7743 | Expression Language Injection vulnerability in Joomla Joomla! | An issue was discovered in Joomla! before 3.9.3. | 9.8 |
2018-08-29 | CVE-2018-15882 | Unrestricted Upload of File with Dangerous Type vulnerability in Joomla Joomla! | An issue was discovered in Joomla! before 3.8.12. | 9.8 |
2018-05-22 | CVE-2018-11325 | Information Exposure Through an Error Message vulnerability in Joomla Joomla! | An issue was discovered in Joomla! Core before 3.8.8. | 9.8 |
2018-01-30 | CVE-2018-6376 | SQL Injection vulnerability in Joomla Joomla! | In Joomla! before 3.8.4, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Hathor postinstall message. | 9.8 |
2017-11-10 | CVE-2017-16634 | Improper Authentication vulnerability in Joomla Joomla! | In Joomla! before 3.8.2, a bug allowed third parties to bypass a user's 2-factor authentication method. | 9.8 |