Vulnerabilities > Joomla > High

DATE CVE VULNERABILITY TITLE RISK
2015-12-16 CVE-2015-8565 Improper Input Validation vulnerability in Joomla Joomla!
Directory traversal vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via unknown vectors.
network
low complexity
joomla CWE-20
7.5
2015-12-16 CVE-2015-8564 Improper Input Validation vulnerability in Joomla Joomla!
Directory traversal vulnerability in Joomla! 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via directory traversal sequences in the XML install file in an extension package archive.
network
low complexity
joomla CWE-20
7.5
2015-12-16 CVE-2015-8562 Improper Input Validation vulnerability in Joomla Joomla!
Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015.
network
low complexity
joomla CWE-20
7.5
2015-10-29 CVE-2015-7858 SQL Injection vulnerability in Joomla Joomla!
SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7297.
network
low complexity
joomla CWE-89
7.5
2015-10-29 CVE-2015-7857 SQL Injection vulnerability in Joomla Joomla!
SQL injection vulnerability in the getListQuery function in administrator/components/com_contenthistory/models/history.php in Joomla! 3.2 before 3.4.5 allows remote attackers to execute arbitrary SQL commands via the list[select] parameter to index.php.
network
low complexity
joomla CWE-89
7.5
2015-10-29 CVE-2015-7297 SQL Injection vulnerability in Joomla Joomla!
SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7858.
network
low complexity
joomla CWE-89
7.5
2015-06-18 CVE-2015-4654 SQL Injection vulnerability in Joomla Joomla!
SQL injection vulnerability in the EQ Event Calendar component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to eqfullevent.
network
low complexity
joomla CWE-89
7.5
2014-11-03 CVE-2014-7228 Cryptographic Issues vulnerability in Joomla Joomla!
Akeeba Restore (restore.php), as used in Joomla! 2.5.4 through 2.5.25, 3.x through 3.2.5, and 3.3.0 through 3.3.4; Akeeba Backup for Joomla! Professional 3.0.0 through 4.0.2; Backup Professional for WordPress 1.0.b1 through 1.1.3; Solo 1.0.b1 through 1.1.2; Admin Tools Core and Professional 2.0.0 through 2.4.4; and CMS Update 1.0.a1 through 1.0.1, when performing a backup or update for an archive, does not delete parameters from $_GET and $_POST when it is cleansing $_REQUEST, but later accesses $_GET and $_POST using the getQueryParam function, which allows remote attackers to bypass encryption and execute arbitrary code via a command message that extracts a crafted archive.
network
low complexity
joomla CWE-310
7.5
2014-10-08 CVE-2014-7984 Permissions, Privileges, and Access Controls vulnerability in Joomla Joomla!
Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote attackers to authenticate and bypass intended restrictions via vectors involving GMail authentication.
network
low complexity
joomla CWE-264
7.5
2014-10-08 CVE-2014-7981 SQL Injection vulnerability in Joomla Joomla!
SQL injection vulnerability in Joomla! CMS 3.1.x and 3.2.x before 3.2.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
joomla CWE-89
7.5