Vulnerabilities > Joomla > High

DATE CVE VULNERABILITY TITLE RISK
2012-08-23 CVE-2011-5112 SQL Injection vulnerability in Blueflyingfish COM Alameda
SQL injection vulnerability in Alameda (com_alameda) component before 1.0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the storeid parameter to index.php.
network
low complexity
blueflyingfish joomla CWE-89
7.5
2012-08-14 CVE-2011-5099 SQL Injection vulnerability in Chillcreations MOD Ccnewsletter 1.0.7/1.0.8/1.0.9
SQL injection vulnerability in helper/popup.php in the ccNewsletter (mod_ccnewsletter) component 1.0.7 through 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter.
network
low complexity
chillcreations joomla CWE-89
7.5
2012-08-10 CVE-2012-3554 SQL Injection vulnerability in Rsgallery2 COM Rsgallery2
SQL injection vulnerability in the RSGallery2 (com_rsgallery2) component before 2.3.0 for Joomla! 1.5.x, and before 3.2.0 for Joomla! 2.5.x, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
rsgallery2 joomla CWE-89
7.5
2012-07-03 CVE-2012-2747 Unspecified vulnerability in Joomla Joomla!
Unspecified vulnerability in Joomla! 2.5.x before 2.5.5 allows remote attackers to gain privileges via unknown attack vectors related to "Inadequate checking."
network
low complexity
joomla
7.5
2011-12-15 CVE-2011-4829 SQL Injection vulnerability in Barter-Sites COM Listing 1.3
SQL injection vulnerability in the com_listing component in Barter Sites component 1.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter to index.php.
network
low complexity
barter-sites joomla CWE-89
7.5
2011-12-15 CVE-2011-4823 SQL Injection vulnerability in Extensionsforjoomla COM Vikrealestate 1.0
Multiple SQL injection vulnerabilities in Vik Real Estate (com_vikrealestate) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) contract parameter in a results action and (2) imm parameter in a show action to index.php.
network
low complexity
extensionsforjoomla joomla CWE-89
7.5
2011-12-14 CVE-2011-4808 SQL Injection vulnerability in Joomlaextensions COM Hmcommunity
SQL injection vulnerability in the HM Community (com_hmcommunity) component before 1.01 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a fnd_home action to index.php.
network
low complexity
joomlaextensions joomla CWE-89
7.5
2011-11-29 CVE-2011-4571 SQL Injection vulnerability in Eaimproved COM Estateagent
SQL injection vulnerability in the Estate Agent (com_estateagent) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showEO action to index.php.
network
low complexity
eaimproved joomla CWE-89
7.5
2011-11-29 CVE-2011-4570 SQL Injection vulnerability in Takeaweb COM Timereturns 2.0
SQL injection vulnerability in the Time Returns (com_timereturns) component 2.0 and possibly earlier versions for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a timereturns action to index.php.
network
low complexity
takeaweb joomla CWE-89
7.5
2011-11-23 CVE-2010-5056 SQL Injection vulnerability in GBU Grafici COM Gbufacebook 1.0.5
SQL injection vulnerability in the GBU Facebook (com_gbufacebook) component 1.0.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the face_id parameter in a show_face action to index.php.
network
low complexity
gbu-grafici joomla CWE-89
7.5