Vulnerabilities > Joomla > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-02-02 | CVE-2009-0381 | SQL Injection vulnerability in Bazaarbuilder Ecommerce Shopping Cart 5.0 SQL injection vulnerability in the BazaarBuilder Ecommerce Shopping Cart (com_prod) 5.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in a products action to index.php. | 7.5 |
| 2009-02-02 | CVE-2009-0379 | SQL Injection vulnerability in Joomla COM Pcchess SQL injection vulnerability in the Prince Clan Chess Club (com_pcchess) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the game_id parameter in a showgame action to index.php, a different vector than CVE-2008-0761. | 7.5 |
| 2009-02-02 | CVE-2009-0377 | SQL Injection vulnerability in Joomla COM Beamospetition 1.0.12 SQL injection vulnerability in the beamospetition (com_beamospetition) 1.0.12 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mpid parameter in a sign action to index.php, a different vector than CVE-2008-3132. | 7.5 |
| 2009-01-30 | CVE-2009-0373 | SQL Injection vulnerability in Elearningforce Flash Magazine Deluxe NIL SQL injection vulnerability in the ElearningForce Flash Magazine Deluxe (com_flashmagazinedeluxe) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mag_id parameter in a magazine action to index.php. | 7.5 |
| 2009-01-29 | CVE-2009-0333 | SQL Injection vulnerability in Joomla COM Waticketsystem SQL injection vulnerability in the WebAmoeba (WA) Ticket System (com_waticketsystem) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action to index.php. | 7.5 |
| 2009-01-29 | CVE-2009-0329 | SQL Injection vulnerability in Joomla COM Pccookbook SQL injection vulnerability in the PcCookBook (com_pccookbook) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the recipe_id parameter in a viewrecipe action to index.php, a different vector than CVE-2008-0844. | 7.5 |
| 2009-01-23 | CVE-2008-5957 | SQL Injection vulnerability in Mydyngallery SQL injection vulnerability in the Mydyngallery (com_mydyngallery) component 1.4.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the directory parameter to index.php. | 7.5 |
| 2009-01-08 | CVE-2008-5875 | SQL Injection vulnerability in Joomlahbs products SQL injection vulnerability in the com_lowcosthotels component in the Hotel Booking Reservation System (aka HBS) for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showhoteldetails action to index.php. | 7.5 |
| 2009-01-08 | CVE-2008-5874 | SQL Injection vulnerability in Joomlahbs products Multiple SQL injection vulnerabilities in the Hotel Booking Reservation System (aka HBS) for Joomla! allow remote attackers to execute arbitrary SQL commands via the id parameter in a showhoteldetails action to index.php in the (1) com_allhotels or (2) com_5starhotels module. | 7.5 |
| 2009-01-06 | CVE-2008-5865 | SQL Injection vulnerability in Joomlahbs Hotel Booking Reservation System 1.0.0 SQL injection vulnerability in the com_hbssearch component 1.0 in the Hotel Booking Reservation System (aka HBS) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the r_type parameter in a showhoteldetails action to index.php. | 7.5 |