Joomla vulnerabilities: High risk

DATE CVE VULNERABILITY TITLE RISK
2008-01-04 CVE-2007-6663 SQL Injection vulnerability in Pragmatic Utopia PU Arcade 2.0.3/2.1.2/2.1.3
SQL injection vulnerability in (1) Puarcade.php and (2) PUarcade.html.php in Pragmatic Utopia PU Arcade (com_puarcade) 2.0.3, 2.1.2, and 2.1.3 Beta component for Joomla! allows remote attackers to execute arbitrary SQL commands via the fid parameter to index.php.
network
low complexity
pragmatic-utopia joomla CWE-89
7.5
2008-01-04 CVE-2007-6645 Permissions, Privileges, and Access Controls vulnerability in Joomla 1.5Rc4
Unspecified vulnerability in Joomla! before 1.5 RC4 allows remote authenticated users to gain privileges via unspecified vectors, aka "registered user privilege escalation vulnerability."
network
low complexity
joomla CWE-264
7.5
2007-12-15 CVE-2007-6362 SQL Injection vulnerability in Joomla RS Gallery2 Beta5
SQL injection vulnerability in index.php in the RSGallery (com_rsgallery) 2.0 beta 5 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an inline page action.
network
low complexity
joomla CWE-89
7.5
2007-12-07 CVE-2007-6272 SQL Injection vulnerability in Joomla 1.5Rc3
Multiple SQL injection vulnerabilities in index.php in Joomla! 1.5 RC3 allow remote attackers to execute arbitrary SQL commands via (1) the view parameter to the com_content component, (2) the task parameter to the com_search component, or (3) the option parameter in a search action to the com_search component.
network
low complexity
joomla CWE-89
7.5
2007-09-24 CVE-2007-5065 Code Injection vulnerability in multiple products
PHP remote file inclusion vulnerability in admin.slideshow1.php in the Flash Slide Show (com_slideshow) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
network
low complexity
joomla webmaster-tips CWE-94
7.5
2007-09-10 CVE-2007-4778 SQL Injection vulnerability in Joomla 1.5.0Beta1/1.5.0Beta2/1.5.0Rc1
Multiple SQL injection vulnerabilities in the content component (com_content) in Joomla! 1.5 Beta1, Beta2, and RC1 allow remote attackers to execute arbitrary SQL commands via the filter parameter in an archive action to (1) archive.php, (2) category.php, or (3) section.php in models/.
network
low complexity
joomla CWE-89
7.5
2007-09-10 CVE-2007-4777 SQL Injection vulnerability in Joomla 1.5.0Beta/1.5.0Beta2/1.5.0Rc1
SQL injection vulnerability in Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, probably related to the archive section.
network
low complexity
joomla CWE-89
7.5
2007-08-23 CVE-2007-4509 SQL-Injection vulnerability in Eventlist
SQL injection vulnerability in index.php in the EventList component (com_eventlist) 0.8 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the did parameter in a details action.
network
low complexity
joomla
7.5
2007-08-23 CVE-2007-4506 SQL Injection vulnerability in Joomla NeoRecruit Component
SQL injection vulnerability in index.php in the NeoRecruit component (com_neorecruit) 1.4 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an offer_view action.
network
low complexity
joomla
7.5
2007-08-23 CVE-2007-4503 SQL Injection vulnerability in Nice Talk Joomla! Component 'tagid' Parameter
SQL injection vulnerability in index.php in the Nice Talk component (com_nicetalk) 0.9.3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the tagid parameter.
network
low complexity
joomla
7.5