Vulnerabilities > Joomla > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2009-01-06 | CVE-2008-5864 | SQL Injection vulnerability in Joomlahbs products | SQL injection vulnerability in the Top Hotel (com_tophotelmodule) component 1.0 in the Hotel Booking Reservation System (aka HBS) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showhoteldetails action to index.php. | 7.5 |
2009-01-02 | CVE-2008-5811 | SQL Injection vulnerability in Joomla COM Paxgallery 0.1 | SQL injection vulnerability in the PaxGallery (com_paxgallery) component 0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gid parameter in a table action to index.php. | 7.5 |
2008-12-31 | CVE-2008-5790 | Code Injection vulnerability in Recly Competitions 1.0 | Multiple PHP remote file inclusion vulnerabilities in the Recly!Competitions (com_competitions) component 1.0 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[mosConfig_absolute_path] parameter to (a) add.php and (b) competitions.php in includes/competitions/, and the (2) mosConfig_absolute_path parameter to (c) includes/settings/settings.php. | 7.5 |
2008-12-31 | CVE-2008-5789 | Code Injection vulnerability in Recly Interactive Feederator 1.0.5 | Multiple PHP remote file inclusion vulnerabilities in the Recly Interactive Feederator (com_feederator) component 1.0.5 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) mosConfig_absolute_path parameter to (a) add_tmsp.php, (b) edit_tmsp.php and (c) tmsp.php in includes/tmsp/; and the (2) GLOBALS[mosConfig_absolute_path] parameter to (d) includes/tmsp/subscription.php. | 7.5 |
2008-12-19 | CVE-2008-4122 | Cleartext Transmission of Sensitive Information vulnerability in Joomla Joomla! 1.5.8 | Joomla! 1.5.8 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | 7.5 |
2008-12-19 | CVE-2008-5671 | Code Injection vulnerability in Joomla 1.0.11/1.0.12/1.0.13 | PHP remote file inclusion vulnerability in index.php in Joomla! 1.0.11 through 1.0.14, when RG_EMULATION is enabled in configuration.php, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 7.5 |
2008-12-17 | CVE-2008-5643 | SQL Injection vulnerability in Joomla COM Books | SQL injection vulnerability in the Books (com_books) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the book_id parameter in a book_details action to index.php. | 7.5 |
2008-12-16 | CVE-2008-5607 | SQL Injection vulnerability in Joomitaly Jmovies 1.1 | SQL injection vulnerability in the JMovies (aka JM or com_jmovies) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. | 7.5 |
2008-12-12 | CVE-2008-5494 | SQL Injection vulnerability in Digitalgreys COM Contactinfo 1.0 | SQL injection vulnerability in the Contact Information Module (com_contactinfo) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. | 7.5 |
2008-11-25 | CVE-2008-5226 | SQL Injection vulnerability in multiple products | SQL injection vulnerability in the MambAds (com_mambads) component 1.0 RC1 Beta and 1.0 RC1 for Mambo allows remote attackers to execute arbitrary SQL commands via the ma_cat parameter in a view action to index.php, a different vector than CVE-2007-5177. | 7.5 |