Vulnerabilities > Joomla > High

DATE CVE VULNERABILITY TITLE RISK
2016-11-04 CVE-2016-8870 Improper Input Validation vulnerability in Joomla Joomla!
The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create user accounts by leveraging failure to check the Allow User Registration configuration setting.
network
high complexity
joomla CWE-20
8.1
2016-01-12 CVE-2015-8769 SQL Injection vulnerability in Joomla Joomla!
SQL injection vulnerability in Joomla! 3.x before 3.4.7 allows attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
joomla CWE-89
7.3
2008-12-19 CVE-2008-4122 Cleartext Transmission of Sensitive Information vulnerability in Joomla Joomla! 1.5.8
Joomla! 1.5.8 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
network
low complexity
joomla CWE-319
7.5