Vulnerabilities > Joomla > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2007-08-23 | CVE-2007-4502 | SQL-Injection vulnerability in Bibtex | SQL injection vulnerability in index.php in the BibTeX component (com_jombib) 1.3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the afilter parameter. | network, low complexity, joomla, 7.5 |
| 2007-08-08 | CVE-2007-4244 | Code Injection vulnerability in Joomla J Reactions | PHP remote file inclusion vulnerability in langset.php in J! Reactions (com_jreactions) 1.8.1 and earlier, a Joomla! component, allows remote attackers to execute arbitrary PHP code via a URL in the comPath parameter. | network, low complexity, joomla CWE-94, 7.5 |
| 2007-08-08 | CVE-2007-4187 | Code Injection vulnerability in Joomla 1.5.0Beta | Multiple eval injection vulnerabilities in the com_search component in Joomla! 1.5 beta before RC1 (aka Mapya) allow remote attackers to execute arbitrary PHP code via PHP sequences in the searchword parameter, related to default_results.php in (1) components/com_search/views/search/tmpl/ and (2) templates/beez/html/com_search/search/. | network, low complexity, joomla CWE-94, 7.5 |
| 2007-08-08 | CVE-2007-4184 | SQL-Injection vulnerability in Joomla 1.0.12 | SQL injection vulnerability in administrator/popups/pollwindow.php in Joomla! 1.0.12 allows remote attackers to execute arbitrary SQL commands via the pollid parameter. | network, low complexity, joomla, 7.5 |
| 2007-07-27 | CVE-2007-4046 | SQL Injection vulnerability in Joomla Pony Gallery Component | SQL injection vulnerability in index.php in the Pony Gallery (com_ponygallery) 1.5 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter. | network, low complexity, joomla, 7.5 |
| 2007-07-21 | CVE-2007-3932 | Unspecified vulnerability in Joomla Expose | uploadimg.php in the Expose RC35 and earlier (com_expose) component for Joomla! sends an error message but does not exit when it detects an attempt to upload a non-JPEG file, which allows remote attackers to upload and execute arbitrary PHP code in the img/ folder. | network, low complexity, joomla, 7.5 |
| 2007-03-27 | CVE-2007-1704 | SQL Injection vulnerability in WebFormatique Car Manager Joomla Component | SQL injection vulnerability in index.php in the Car Manager (com_resman) 1.1 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter. | network, low complexity, joomla, 7.5 |
| 2007-03-27 | CVE-2007-1703 | SQL Injection vulnerability in Joomla RWCards Component | SQL injection vulnerability in index.php in the RWCards (com_rwcards) 2.4.3 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter. | network, low complexity, joomla, 7.5 |
| 2007-03-06 | CVE-2006-7124 | Input Validation vulnerability in Joomla BSQ Sitestats 1.8.0 | PHP remote file inclusion vulnerability in external/rssfeeds.php in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allows remote attackers to execute arbitrary PHP code via the baseDir parameter. | network, low complexity, joomla, 7.5 |
| 2007-03-06 | CVE-2006-7123 | SQL-Injection vulnerability in Joomla BSQ Sitestats 1.8.0 | Multiple SQL injection vulnerabilities in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allow remote attackers to execute arbitrary SQL commands via (1) unspecified parameters when importing the (a) ip-to-country.csv file; and the (2) HTTP Referer, (3) HTTP User Agent, and (4) HTTP Accept Language headers to (b) bsqtemplateinc.php. | network, low complexity, joomla, 7.5 |