Vulnerabilities > Joomla > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDORS | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2009-05-01 | CVE-2009-1499 | SQL Injection vulnerability in Joomla COM Mailto and Joomla! | SQL injection vulnerability in the MailTo (aka com_mailto) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the article parameter in index.php. | network | low complexity | joomla | CWE-89 | 7.5 |
| 2009-04-07 | CVE-2009-1263 | SQL Injection vulnerability in Alikonweb COM Bookjoomlas 0.1 | SQL injection vulnerability in sub_commententry.php in the BookJoomlas (com_bookjoomlas) component 0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gbid parameter in a comment action to index.php. | network | low complexity | joomla, alikonweb | CWE-89 | 7.5 |
| 2009-04-07 | CVE-2009-1258 | SQL Injection vulnerability in Rd-Media COM Rdautos 1.5.7 | SQL injection vulnerability in the RD-Autos (com_rdautos) component 1.5.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the makeid parameter in index.php. | network | low complexity | rd-media, joomla | CWE-89 | 7.5 |
| 2009-04-07 | CVE-2008-6653 | SQL Injection vulnerability in Wh-Com COM Webhosting | SQL injection vulnerability in webhosting.php in the Webhosting Component (com_webhosting) module before 1.1 RC7 for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. | network | low complexity | joomla, mambo, wh-com | CWE-89 | 7.5 |
| 2009-03-19 | CVE-2008-6489 | SQL Injection vulnerability in Huseyin Bora Abaci COM Myalbum 1.0 | SQL injection vulnerability in MyAlbum component (com_myalbum) 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the album parameter to index.php. | network | low complexity | joomla, huseyin-bora-abaci | CWE-89 | 7.5 |
| 2009-03-18 | CVE-2008-6483 | Code Injection vulnerability in Virtuemart-Solutions COM Googlebase 1.1 | PHP remote file inclusion vulnerability in admin.googlebase.php in the Ecom Solutions VirtueMart Google Base (aka com_googlebase or Froogle) component 1.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | network | low complexity | virtuemart-solutions, joomla | CWE-94 | 7.5 |
| 2009-03-17 | CVE-2008-6481 | SQL Injection vulnerability in Joomprod COM Versioning 1.0.2 | SQL injection vulnerability in the Versioning component (com_versioning) 1.0.2 in Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit task to index.php. | network | low complexity | joomla, mambo-foundation, joomprod | CWE-89 | 7.5 |
| 2009-03-06 | CVE-2008-6430 | SQL Injection vulnerability in Joomla COM Mycontent 1.1.13 | SQL injection vulnerability in the MyContent (com_mycontent) component 1.1.13 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php. | network | low complexity | joomla | CWE-89 | 7.5 |
| 2009-03-06 | CVE-2008-6429 | SQL Injection vulnerability in Mike Leeper COM Prayercenter | SQL injection vulnerability in the PrayerCenter (com_prayercenter) component 1.4.9 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view_request action to index2.php. | network | low complexity | joomla, mike-leeper | CWE-89 | 7.5 |
| 2009-03-02 | CVE-2008-6347 | Code Injection vulnerability in Luigi Massa Onguma Time Sheet 2.04 | PHP remote file inclusion vulnerability in lib/onguma.class.php in the Onguma Time Sheet (com_ongumatimesheet20) 2.0 4b component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | network | low complexity | joomla, luigi-massa | CWE-94 | 7.5 |