Vulnerabilities > Joomla > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-10-08 | CVE-2014-6632 | Improper Authentication vulnerability in Joomla Joomla! Joomla! 2.5.x before 2.5.25, 3.x before 3.2.4, and 3.3.x before 3.3.4 allows remote attackers to authenticate and bypass intended access restrictions via vectors involving LDAP authentication. | 7.5 |
| 2013-02-13 | CVE-2013-1453 | Unspecified vulnerability in Joomla Joomla! plugins/system/highlight/highlight.php in Joomla! 3.0.x through 3.0.2 and 2.5.x through 2.5.8 allows attackers to unserialize arbitrary PHP objects to obtain sensitive information, delete arbitrary directories, conduct SQL injection attacks, and possibly have other impacts via the highlight parameter. | 7.5 |
| 2012-12-03 | CVE-2012-1598 | Permissions, Privileges, and Access Controls vulnerability in Joomla Joomla! Joomla! 1.5.x before 1.5.26 has unspecified impact and attack vectors related to "insufficient randomness" and a "password reset vulnerability." | 7.5 |
| 2012-11-26 | CVE-2010-5280 | Path Traversal vulnerability in Joomla-Cbe COM CBE 1.4.10/1.4.8/1.4.9 Directory traversal vulnerability in the Community Builder Enhanced (CBE) (com_cbe) component 1.4.8, 1.4.9, and 1.4.10 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
| 2012-10-01 | CVE-2012-5230 | Security vulnerability in Harmistechnology COM Jesubmit 1.4 Unspecified vulnerability in the JE Story Submit (com_jesubmit) component before 1.9 for Joomla! has unknown impact and attack vectors. | 7.5 |
| 2012-09-26 | CVE-2012-1116 | SQL Injection vulnerability in Joomla Joomla! SQL injection vulnerability in Joomla! 1.7.x and 2.5.x before 2.5.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
| 2012-09-23 | CVE-2012-5101 | SQL Injection vulnerability in Jextensions JE Poll Component SQL injection vulnerability in the JExtensions JE Poll component before 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
| 2012-09-06 | CVE-2006-7247 | SQL Injection vulnerability in Joomla COM Weblinks SQL injection vulnerability in the Weblinks (com_weblinks) component for Joomla! and Mambo 1.0.9 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter. | 7.5 |
| 2012-09-06 | CVE-2012-4868 | SQL Injection vulnerability in Kunena 1.7.2 SQL injection vulnerability in news.php in the Kunena component 1.7.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
| 2012-08-23 | CVE-2011-5113 | SQL Injection vulnerability in Techdeluge COM Techfolio 1.0 SQL injection vulnerability in frontend/models/techfoliodetail.php in Techfolio (com_techfolio) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter. | 7.5 |