Vulnerabilities > Joomla > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2018-08-29 | CVE-2018-15882 | Unrestricted Upload of File with Dangerous Type vulnerability in Joomla Joomla! | An issue was discovered in Joomla! before 3.8.12. | network | low | joomla | CWE-434 | 7.5 |
| 2018-01-30 | CVE-2018-6376 | SQL Injection vulnerability in Joomla Joomla! | In Joomla! before 3.8.4, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Hathor postinstall message. | network | low | joomla | CWE-89 | 7.5 |
| 2017-11-10 | CVE-2017-16634 | Improper Authentication vulnerability in Joomla Joomla! | In Joomla! before 3.8.2, a bug allowed third parties to bypass a user's 2-factor authentication method. | network | low | joomla | CWE-287 | 7.5 |
| 2017-05-17 | CVE-2017-8917 | SQL Injection vulnerability in Joomla Joomla! 3.7.0 | SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors. | network | low | joomla | CWE-89 | 7.5 |
| 2017-01-23 | CVE-2016-9081 | Credentials Management vulnerability in Joomla Joomla! | Joomla! 3.4.4 through 3.6.3 allows attackers to reset username, password, and user group assignments and possibly perform other user account modifications via unspecified vectors. | network | low | joomla | CWE-255 | 7.5 |
| 2016-12-30 | CVE-2016-10045 | Command Injection vulnerability in multiple products | The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail function in PHP. | network | low | phpmailer-project, wordpress, joomla | CWE-77 | 7.5 |
| 2016-12-05 | CVE-2016-9836 | Improper Access Control vulnerability in Joomla Joomla! | The file scanning mechanism of JFilterInput::isFileSafe() in Joomla! CMS before 3.6.5 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to upload and execute files with the `.php6`, `.php7`, `.phtml`, and `.phpt` extensions. | network | low | joomla | CWE-284 | 7.5 |
| 2016-11-04 | CVE-2016-8870 | Improper Input Validation vulnerability in Joomla Joomla! | The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create user accounts by leveraging failure to check the Allow User Registration configuration setting. | network | high | joomla | CWE-20 | 8.1 |
| 2016-01-12 | CVE-2015-8769 | SQL Injection vulnerability in Joomla Joomla! | SQL injection vulnerability in Joomla! 3.x before 3.4.7 allows attackers to execute arbitrary SQL commands via unspecified vectors. | network | low | joomla | CWE-89 | 7.5 |
| 2015-12-16 | CVE-2015-8566 | Remote Code Execution vulnerability in Joomla Session 1.3.0 | The Session package 1.x before 1.3.1 for Joomla! Framework allows remote attackers to execute arbitrary code via unspecified session values. | network | low | joomla | | 7.5 |