Vulnerabilities > Joomla > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTRIBUTES | RISK |
| --- | --- | --- | --- | --- | --- |
| 2009-07-01 | CVE-2009-2290 | SQL Injection vulnerability in KIM Eckert COM Bsadv 0.0/0.1/0.2 | SQL injection vulnerability in the Boy Scout Advancement (com_bsadv) component 0.3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a (1) account or (2) event task to index.php. | network; low complexity; joomla kim-eckert CWE-89 | 7.5 |
| 2009-07-01 | CVE-2008-6841 | Code Injection vulnerability in Gmitc COM Dbquery 1.0 | PHP remote file inclusion vulnerability in the Green Mountain Information Technology and Consulting Database Query (com_dbquery) component 1.4.1.1 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to classes/DBQ/admin/common.class.php. | network; low complexity; joomla gmitc CWE-94 | 7.5 |
| 2009-06-27 | CVE-2009-2239 | SQL Injection vulnerability in Joomla products | SQL injection vulnerability in the (1) casinobase (com_casinobase), (2) casino_blackjack (com_casino_blackjack), and (3) casino_videopoker (com_casino_videopoker) components 0.3.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php. | network; low complexity; joomla CWE-89 | 7.5 |
| 2009-06-17 | CVE-2009-2102 | SQL Injection vulnerability in COM Jumi COM Jumi 2.0.3 | SQL injection vulnerability in the Jumi (com_jumi) component 2.0.3 and possibly other versions for Joomla allows remote attackers to execute arbitrary SQL commands via the fileid parameter to index.php. | network; low complexity; com-jumi joomla CWE-89 | 7.5 |
| 2009-06-17 | CVE-2009-2099 | SQL Injection vulnerability in Ijoomla COM Rssfeeder | SQL injection vulnerability in the iJoomla RSS Feeder (com_ijoomla_rss) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in an xml action to index.php. | network; low complexity; joomla ijoomla CWE-89 | 7.5 |
| 2009-06-09 | CVE-2009-2015 | Path Traversal vulnerability in Ideal COM Moofaq 1.0 | Directory traversal vulnerability in includes/file_includer.php in the Ideal MooFAQ (com_moofaq) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. | network; low complexity; joomla ideal CWE-22 | 7.5 |
| 2009-06-09 | CVE-2009-2014 | SQL Injection vulnerability in Joomla COM School 1.4 | SQL injection vulnerability in the ComSchool (com_school) component 1.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the classid parameter in a showclass action to index.php. | network; low complexity; joomla CWE-89 | 7.5 |
| 2009-06-01 | CVE-2009-1848 | SQL Injection vulnerability in Joomlame COM Agoragroup 0.3.5.3 | SQL injection vulnerability in the JoomlaMe AgoraGroups (aka AG or com_agoragroup) component 0.3.5.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a groupdetail action to index.php. | network; low complexity; joomlame joomla CWE-89 | 7.5 |
| 2009-05-29 | CVE-2009-1822 | Code Injection vulnerability in Gonzalo Maser COM Artforms 2.1B7 | Multiple PHP remote file inclusion vulnerabilities in the InterJoomla ArtForms (com_artforms) component 2.1b7 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) imgcaptcha.php or (2) mp3captcha.php in assets/captcha/includes/captchaform/, or (3) assets/captcha/includes/captchatalk/swfmovie.php. | network; low complexity; joomla gonzalo-maser CWE-94 | 7.5 |
| 2009-05-20 | CVE-2009-1736 | SQL Injection vulnerability in Joomla COM Gsticketsystem | SQL injection vulnerability in the GridSupport (GS) Ticket System (com_gsticketsystem) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a viewCategory action to index.php. | network; low complexity; joomla CWE-89 | 7.5 |