Vulnerabilities > Joomla > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR / CWE | RISK |
|---|---|---|---|---|---|---|---|
| 2014-10-08 | CVE-2014-6632 | Improper Authentication vulnerability in Joomla Joomla! | Joomla! 2.5.x before 2.5.25, 3.x before 3.2.4, and 3.3.x before 3.3.4 allows remote attackers to authenticate and bypass intended access restrictions via vectors involving LDAP authentication. | network | low complexity | joomla CWE-287 | 7.5 |
| 2013-02-13 | CVE-2013-1453 | Unspecified vulnerability in Joomla Joomla! | plugins/system/highlight/highlight.php in Joomla! 3.0.x through 3.0.2 and 2.5.x through 2.5.8 allows attackers to unserialize arbitrary PHP objects to obtain sensitive information, delete arbitrary directories, conduct SQL injection attacks, and possibly have other impacts via the highlight parameter. | network | low complexity | joomla | 7.5 |
| 2012-12-03 | CVE-2012-1598 | Permissions, Privileges, and Access Controls vulnerability in Joomla Joomla! | Joomla! 1.5.x before 1.5.26 has unspecified impact and attack vectors related to "insufficient randomness" and a "password reset vulnerability." | network | low complexity | joomla CWE-264 | 7.5 |
| 2012-11-26 | CVE-2010-5280 | Path Traversal vulnerability in Joomla-Cbe COM CBE 1.4.10/1.4.8/1.4.9 | Directory traversal vulnerability in the Community Builder Enhanced (CBE) (com_cbe) component 1.4.8, 1.4.9, and 1.4.10 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. | network | low complexity | joomla-cbe joomla CWE-22 | 7.5 |
| 2012-10-01 | CVE-2012-5230 | Security vulnerability in Harmistechnology COM Jesubmit 1.4 | Unspecified vulnerability in the JE Story Submit (com_jesubmit) component before 1.9 for Joomla! has unknown impact and attack vectors. | network | low complexity | harmistechnology joomla | 7.5 |
| 2012-09-26 | CVE-2012-1116 | SQL Injection vulnerability in Joomla Joomla! | SQL injection vulnerability in Joomla! 1.7.x and 2.5.x before 2.5.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | network | low complexity | joomla CWE-89 | 7.5 |
| 2012-09-23 | CVE-2012-5101 | SQL Injection vulnerability in Jextensions JE Poll Component | SQL injection vulnerability in the JExtensions JE Poll component before 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | network | low complexity | jextensions joomla CWE-89 | 7.5 |
| 2012-09-06 | CVE-2006-7247 | SQL Injection vulnerability in Joomla COM Weblinks | SQL injection vulnerability in the Weblinks (com_weblinks) component for Joomla! and Mambo 1.0.9 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter. | network | low complexity | joomla mambo-foundation CWE-89 | 7.5 |
| 2012-09-06 | CVE-2012-4868 | SQL Injection vulnerability in Kunena 1.7.2 | SQL injection vulnerability in news.php in the Kunena component 1.7.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter. | network | low complexity | kunena joomla CWE-89 | 7.5 |
| 2012-08-23 | CVE-2011-5113 | SQL Injection vulnerability in Techdeluge COM Techfolio 1.0 | SQL injection vulnerability in frontend/models/techfoliodetail.php in Techfolio (com_techfolio) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter. | network | low complexity | techdeluge joomla CWE-89 | 7.5 |