Vulnerabilities > Joomla > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-29 | CVE-2018-15882 | Unrestricted Upload of File with Dangerous Type vulnerability in Joomla Joomla! An issue was discovered in Joomla! before 3.8.12. | 7.5 |
| 2018-01-30 | CVE-2018-6376 | SQL Injection vulnerability in Joomla Joomla! In Joomla! before 3.8.4, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Hathor postinstall message. | 7.5 |
| 2017-11-10 | CVE-2017-16634 | Improper Authentication vulnerability in Joomla Joomla! In Joomla! before 3.8.2, a bug allowed third parties to bypass a user's 2-factor authentication method. | 7.5 |
| 2017-05-17 | CVE-2017-8917 | SQL Injection vulnerability in Joomla Joomla! 3.7.0 SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
| 2017-01-23 | CVE-2016-9081 | Credentials Management vulnerability in Joomla Joomla! Joomla! 3.4.4 through 3.6.3 allows attackers to reset username, password, and user group assignments and possibly perform other user account modifications via unspecified vectors. | 7.5 |
| 2016-12-30 | CVE-2016-10045 | Command Injection vulnerability in multiple products The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail function in PHP. | 7.5 |
| 2016-12-05 | CVE-2016-9836 | Improper Access Control vulnerability in Joomla Joomla! The file scanning mechanism of JFilterInput::isFileSafe() in Joomla! CMS before 3.6.5 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to upload and execute files with the `.php6`, `.php7`, `.phtml`, and `.phpt` extensions. | 7.5 |
| 2016-11-04 | CVE-2016-8870 | Improper Input Validation vulnerability in Joomla Joomla! The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create user accounts by leveraging failure to check the Allow User Registration configuration setting. | 8.1 |
| 2016-01-12 | CVE-2015-8769 | SQL Injection vulnerability in Joomla Joomla! SQL injection vulnerability in Joomla! 3.x before 3.4.7 allows attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
| 2015-12-16 | CVE-2015-8566 | Remote Code Execution vulnerability in Joomla Session 1.3.0 The Session package 1.x before 1.3.1 for Joomla! Framework allows remote attackers to execute arbitrary code via unspecified session values. | 7.5 |