Vulnerabilities > Joomla > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-12-16 | CVE-2015-8565 | Improper Input Validation vulnerability in Joomla Joomla! Directory traversal vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via unknown vectors. | 7.5 |
| 2015-12-16 | CVE-2015-8564 | Improper Input Validation vulnerability in Joomla Joomla! Directory traversal vulnerability in Joomla! 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via directory traversal sequences in the XML install file in an extension package archive. | 7.5 |
| 2015-12-16 | CVE-2015-8562 | Improper Input Validation vulnerability in Joomla Joomla! Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015. | 7.5 |
| 2015-10-29 | CVE-2015-7858 | SQL Injection vulnerability in Joomla Joomla! SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7297. | 7.5 |
| 2015-10-29 | CVE-2015-7857 | SQL Injection vulnerability in Joomla Joomla! SQL injection vulnerability in the getListQuery function in administrator/components/com_contenthistory/models/history.php in Joomla! 3.2 before 3.4.5 allows remote attackers to execute arbitrary SQL commands via the list[select] parameter to index.php. | 7.5 |
| 2015-10-29 | CVE-2015-7297 | SQL Injection vulnerability in Joomla Joomla! SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7858. | 7.5 |
| 2015-06-18 | CVE-2015-4654 | SQL Injection vulnerability in Joomla Joomla! SQL injection vulnerability in the EQ Event Calendar component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to eqfullevent. | 7.5 |
| 2014-11-03 | CVE-2014-7228 | Cryptographic Issues vulnerability in Joomla Joomla! Akeeba Restore (restore.php), as used in Joomla! 2.5.4 through 2.5.25, 3.x through 3.2.5, and 3.3.0 through 3.3.4; Akeeba Backup for Joomla! Professional 3.0.0 through 4.0.2; Backup Professional for WordPress 1.0.b1 through 1.1.3; Solo 1.0.b1 through 1.1.2; Admin Tools Core and Professional 2.0.0 through 2.4.4; and CMS Update 1.0.a1 through 1.0.1, when performing a backup or update for an archive, does not delete parameters from $_GET and $_POST when it is cleansing $_REQUEST, but later accesses $_GET and $_POST using the getQueryParam function, which allows remote attackers to bypass encryption and execute arbitrary code via a command message that extracts a crafted archive. | 7.5 |
| 2014-10-08 | CVE-2014-7984 | Permissions, Privileges, and Access Controls vulnerability in Joomla Joomla! Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote attackers to authenticate and bypass intended restrictions via vectors involving GMail authentication. | 7.5 |
| 2014-10-08 | CVE-2014-7981 | SQL Injection vulnerability in Joomla Joomla! SQL injection vulnerability in Joomla! CMS 3.1.x and 3.2.x before 3.2.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |