Vulnerabilities > Joomla > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2007-02-12 | CVE-2006-7010 | SQL-Injection vulnerability in Joomla | The mosgetparam implementation in Joomla! before 1.0.10 does not set a variable's data type to integer when the variable's default value is numeric, which has unspecified impact and attack vectors, which may permit SQL injection attacks. | 7.5 |
2007-02-12 | CVE-2006-7009 | Remote Security vulnerability in Joomla | Joomla! before 1.0.10 allows remote attackers to spoof the frontend submission forms, which has unknown impact and attack vectors. | 7.5 |
2007-02-12 | CVE-2006-7008 | Remote Security vulnerability in Joomla | Unspecified vulnerability in Joomla! before 1.0.10 has unknown impact and attack vectors, related to "securing mosmsg from misuse." NOTE: it is possible that this issue overlaps CVE-2006-1029. | 7.5 |
2007-01-19 | CVE-2007-0387 | SQL-Injection vulnerability in Joomla 20070118 | SQL injection vulnerability in models/category.php in the Weblinks component for Joomla! SVN 20070118 (com_weblinks) allows remote attackers to execute arbitrary SQL commands via the catid parameter. | 7.5 |
2007-01-19 | CVE-2007-0374 | SQL Injection vulnerability in Mambo/Joomla CMS ID | SQL injection vulnerability in (1) Joomla! 1.0.11 and 1.5 Beta, and (2) Mambo 4.6.1, allows remote attackers to execute arbitrary SQL commands via the id parameter when cancelling content editing. | 7.5 |
2006-12-31 | CVE-2006-6843 | Remote File Include vulnerability in Joomla BE IT Easypartner Component 0.0.9Beta | PHP remote file inclusion vulnerability in the BE IT EasyPartner 0.0.9 beta component for Joomla! allows remote attackers to execute arbitrary PHP code via unspecified vectors. | 7.5 |
2006-12-31 | CVE-2006-6833 | Cross-Site Scripting vulnerability in Joomla | com_categories in Joomla! before 1.0.12 does not validate input, which has unknown impact and remote attack vectors. | 7.5 |
2006-08-31 | CVE-2006-4476 | Code Injection vulnerability in Joomla 1.0.9 | Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related to "Injection Flaws," allow attackers to have an unknown impact via (1) globals.php, which uses include_once() instead of require(); (2) the $options variable; (3) Admin Upload Image; (4) ->load(); (5) content submissions when frontpage is selected; (6) the mosPageNav constructor; (7) saveOrder functions; (8) the absence of "exploit blocking rules" in htaccess; and (9) the ACL. | 7.5 |
2006-08-31 | CVE-2006-4475 | Permissions, Privileges, and Access Controls vulnerability in Joomla 1.0.9 | Joomla! before 1.0.11 does not limit access to the Admin Popups functionality, which has unknown impact and attack vectors. | 7.5 |
2006-08-31 | CVE-2006-4472 | Unspecified vulnerability in Joomla Joomla! | Multiple unspecified vulnerabilities in Joomla! before 1.0.11 allow attackers to bypass user authentication via unknown vectors involving the (1) do_pdf command and the (2) emailform com_content task. | 7.5 |