Vulnerabilities > Joomla > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2010-12-01 | CVE-2010-4365 | SQL Injection vulnerability in Harmistechnology COM Jeajaxeventcalendar SQL injection vulnerability in JE Ajax Event Calendar (com_jeajaxeventcalendar) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the event_id parameter in an alleventlist_more action to index.php. | 7.5 |
| 2010-11-17 | CVE-2010-4272 | SQL Injection vulnerability in Pulseinfotech COM Sponsorwall 1.1 SQL injection vulnerability in the Pulse Infotech Sponsor Wall (com_sponsorwall) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. | 7.5 |
| 2010-11-17 | CVE-2010-4268 | SQL Injection vulnerability in Pulseinfotech COM Flipwall 1.1 SQL injection vulnerability in the Pulse Infotech Flip Wall (com_flipwall) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. | 7.5 |
| 2010-09-16 | CVE-2010-3426 | Path Traversal vulnerability in 4You-Studio COM Jphone 1.0 Directory traversal vulnerability in jphone.php in the JPhone (com_jphone) component 1.0 Alpha 3 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
| 2010-09-16 | CVE-2010-3422 | SQL Injection vulnerability in Solventus COM Jgen 0.9.33 SQL injection vulnerability in the JGen (com_jgen) component 0.9.33 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php. | 7.5 |
| 2010-09-03 | CVE-2010-3211 | SQL Injection vulnerability in Jextn COM Jefaqpro 1.5.0 Multiple SQL injection vulnerabilities in the JE FAQ Pro (com_jefaqpro) component 1.5.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via category categorylist operations with (1) the catid parameter or (2) the catid parameter in a lists action. | 7.5 |
| 2010-07-30 | CVE-2010-2923 | SQL Injection vulnerability in Prasanna COM Youtube 1.5 SQL injection vulnerability in the YouTube (com_youtube) component 1.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id_cate parameter to index.php. | 7.5 |
| 2010-07-30 | CVE-2010-2921 | SQL Injection vulnerability in Photoindochina COM Golfcourseguide 0.9.6.0 SQL injection vulnerability in the Golf Course Guide (com_golfcourseguide) component 0.9.6.0 beta and 1 beta for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a golfcourses action to index.php. | 7.5 |
| 2010-07-30 | CVE-2010-2919 | SQL Injection vulnerability in Joomlaxt COM Staticxt SQL injection vulnerability in the StaticXT (com_staticxt) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. | 7.5 |
| 2010-07-30 | CVE-2010-2918 | Code Injection vulnerability in Visocrea COM Joomla Visites 1.1 PHP remote file inclusion vulnerability in core/include/myMailer.class.php in the Visites (com_joomla-visites) component 1.1 RC2 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 7.5 |