Vulnerabilities > Joomla > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-07-18 | CVE-2008-3228 | Configuration vulnerability in Joomla Joomla! before 1.5.4 does not configure .htaccess to apply certain security checks that "block common exploits" to SEF URLs, which has unknown impact and remote attack vectors. | 7.5 |
| 2008-07-18 | CVE-2008-3227 | Link Following vulnerability in Joomla Unspecified vulnerability in Joomla! before 1.5.4 has unknown impact and attack vectors related to a "User Redirect Spam fix," possibly an open redirect vulnerability. | 7.5 |
| 2008-07-10 | CVE-2008-3132 | SQL Injection vulnerability in Joomla COM Beamospetition SQL injection vulnerability in the beamospetition (com_beamospetition) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the pet parameter to index.php. | 7.5 |
| 2008-07-09 | CVE-2008-3083 | SQL Injection vulnerability in multiple products SQL injection vulnerability in Brightcode Weblinks (com_brightweblinks) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter. | 7.5 |
| 2008-07-02 | CVE-2008-2990 | Code Injection vulnerability in multiple products PHP remote file inclusion vulnerability in facileforms.frame.php in the FacileForms (com_facileforms) component 1.4.4 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the ff_compath parameter. | 7.5 |
| 2008-06-27 | CVE-2008-2892 | SQL Injection vulnerability in multiple products SQL injection vulnerability in the EXP Shop (com_expshop) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a show_payment action to index.php. | 7.5 |
| 2008-06-13 | CVE-2008-2697 | SQL Injection vulnerability in multiple products SQL injection vulnerability in the Rapid Recipe (com_rapidrecipe) component 1.6.6 and 1.6.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the recipe_id parameter in a viewrecipe action to index.php. | 7.5 |
| 2008-06-13 | CVE-2008-2692 | SQL Injection vulnerability in Joomla COM Yvcomment SQL injection vulnerability in the yvComment (com_yvcomment) component 1.16.0 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the ArticleID parameter in a comment action to index.php. | 7.5 |
| 2008-06-12 | CVE-2008-2676 | SQL Injection vulnerability in Joomla COM News Portal and Joomla SQL injection vulnerability in the iJoomla News Portal (com_news_portal) component 1.0 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php. | 7.5 |
| 2008-06-10 | CVE-2008-2651 | SQL Injection vulnerability in Joomla COM Joobb 0.5.9 SQL injection vulnerability in the Joomla! Bulletin Board (aka Joo!BB or com_joobb) component 0.5.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the forum parameter in a forum action to index.php. | 7.5 |