Vulnerabilities > Joomla > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-09-23 | CVE-2009-3332 | SQL Injection vulnerability in Sopinet COM Jbudgetsmagic 0.3.2/0.4.0 SQL injection vulnerability in the JBudgetsMagic (com_jbudgetsmagic) component 0.3.2 through 0.4.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the bid parameter in a mybudget action to index.php. | 7.5 |
| 2009-09-23 | CVE-2009-3325 | SQL Injection vulnerability in Focusdev COM Surveymanager 1.5.0 SQL injection vulnerability in the Focusplus Developments Survey Manager (com_surveymanager) component 1.5.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the stype parameter in an editsurvey action to index.php. | 7.5 |
| 2009-09-23 | CVE-2009-3318 | Path Traversal vulnerability in Breedveld COM Album 1.14 Directory traversal vulnerability in the Roland Breedveld Album (com_album) component 1.14 for Joomla! allows remote attackers to access arbitrary directories and have unspecified other impact via a .. | 7.5 |
| 2009-09-23 | CVE-2009-3316 | SQL Injection vulnerability in Jforjoomla COM Jreservation 1.0/1.5 SQL injection vulnerability in the JReservation (com_jreservation) component 1.0 and 1.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter in a propertycpanel action to index.php. | 7.5 |
| 2009-09-16 | CVE-2009-3215 | SQL Injection vulnerability in PHP-Shop-System Ixxo Cart SQL injection vulnerability in IXXO Cart Standalone before 3.9.6.1, and the IXXO Cart component for Joomla! 1.0.x, allows remote attackers to execute arbitrary SQL commands via the parent parameter. | 7.5 |
| 2009-09-15 | CVE-2009-3193 | SQL Injection vulnerability in Uwix COM Digifolio 1.52 SQL injection vulnerability in the DigiFolio (com_digifolio) component 1.52 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a project action to index.php. | 7.5 |
| 2009-09-10 | CVE-2009-3154 | SQL Injection vulnerability in Almondsoft COM Aclassf 7.5 SQL injection vulnerability in the Almond Classifieds (com_aclassf) component 7.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the replid parameter in a manw_repl add_form action to index.php, a different vector than CVE-2009-2567. | 7.5 |
| 2009-09-08 | CVE-2008-7169 | SQL Injection vulnerability in Jabode COM Jabode SQL injection vulnerability in Jabode horoscope extension (com_jabode) for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a sign task to index.php. | 7.5 |
| 2009-09-03 | CVE-2009-3063 | SQL Injection vulnerability in Indianpulses COM Gameserver 1.0 SQL injection vulnerability in the Game Server (com_gameserver) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a gamepanel action to index.php. | 7.5 |
| 2009-09-03 | CVE-2009-3054 | SQL Injection vulnerability in Artetics COM Artportal 1.0 SQL injection vulnerability in the Artetics.com Art Portal (com_artportal) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the portalid parameter to index.php. | 7.5 |