Vulnerabilities > Joomla > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-12-28 | CVE-2009-4431 | Code Injection vulnerability in Anything-Digital COM Jcalpro 1.5.3.6: PHP remote file inclusion vulnerability in cal_popup.php in the Anything Digital Development JCal Pro (aka com_jcalpro or JCP) component 1.5.3.6 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 7.5 |
2009-12-28 | CVE-2009-4428 | SQL Injection vulnerability in Joomplace COM Joomportfolio 1.0.0: SQL injection vulnerability in the JoomPortfolio (com_joomportfolio) component 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the secid parameter in a showcat action to index.php. | 7.5 |
2009-12-07 | CVE-2009-4217 | SQL Injection vulnerability in Itamar Elharar COM Musicgallery: SQL injection vulnerability in the Itamar Elharar MusicGallery (com_musicgallery) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an itempage action to index.php. | 7.5 |
2009-12-04 | CVE-2009-4202 | Path Traversal vulnerability in Omilenitsolutions COM Omphotogallery 0.5: Directory traversal vulnerability in the Omilen Photo Gallery (com_omphotogallery) component Beta 0.5 for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the controller parameter to index.php. | 7.5 |
2009-12-04 | CVE-2009-4200 | SQL Injection vulnerability in Vollmar COM Seminar 1.28: SQL injection vulnerability in the Seminar (com_seminar) component 1.28 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a View_seminar action to index.php. | 7.5 |
2009-11-29 | CVE-2009-4104 | SQL Injection vulnerability in Lyften COM Lyftenbloggie 1.0.4: SQL injection vulnerability in Lyften Designs LyftenBloggie (com_lyftenbloggie) component 1.0.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the author parameter to index.php. | 7.5 |
2009-11-29 | CVE-2009-4099 | SQL Injection vulnerability in G4J.Laoneo COM Gcalendar 1.1.2/2.1.4: SQL injection vulnerability in the Google Calendar GCalendar (com_gcalendar) component 1.1.2, 2.1.4, and possibly earlier versions for Joomla! allows remote attackers to execute arbitrary SQL commands via the gcid parameter. | 7.5 |
2009-11-24 | CVE-2009-4057 | SQL Injection vulnerability in Inertialfate COM IF Nexus 1.1: SQL injection vulnerability in the inertialFATE iF Portfolio Nexus (com_if_nexus) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an item action to index.php. | 7.5 |
2009-11-18 | CVE-2009-3972 | SQL Injection vulnerability in Qproje COM Siirler 1.2: SQL injection vulnerability in the Q-Proje Siirler Bileseni (com_siirler) component 1.2 RC for Joomla! allows remote attackers to execute arbitrary SQL commands via the sid parameter in an sdetay action to index.php. | 7.5 |
2009-11-18 | CVE-2009-3971 | SQL Injection vulnerability in Jtips COM Jtips 1.0.7/1.0.9: SQL injection vulnerability in the jTips (com_jtips) component 1.0.7 and 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the season parameter in a ladder action to index.php. | 7.5 |