Vulnerabilities > Joomla > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2011-10-05 | CVE-2010-4853 | SQL Injection vulnerability in Chillcreations COM Ccinvoices SQL injection vulnerability in the ccInvoices (com_ccinvoices) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewInv action to index.php. | 7.5 |
| 2011-04-27 | CVE-2010-4795 | SQL Injection vulnerability in Joomlaseller COM Jscalendar 1.5.1/1.5.4 SQL injection vulnerability in the JS Calendar (com_jscalendar) component 1.5.1 and 1.5.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the ev_id parameter in a details action to index.php. | 7.5 |
| 2011-03-23 | CVE-2010-4769 | Path Traversal vulnerability in Janguo COM Jimtawl 1.0.2 Directory traversal vulnerability in the Jimtawl (com_jimtawl) component 1.0.2 Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. | 7.5 |
| 2011-02-16 | CVE-2010-4739 | SQL Injection vulnerability in Aretimes COM Maianmedia SQL injection vulnerability in the Maian Media Silver (com_maianmedia) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a music action to index.php. | 7.5 |
| 2011-02-01 | CVE-2010-4720 | SQL Injection vulnerability in Harmistechnology COM Jeauto SQL injection vulnerability in the JExtensions JE Auto (com_jeauto) component before 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to the view item page. | 7.5 |
| 2011-02-01 | CVE-2010-4719 | Path Traversal vulnerability in Fxwebdesign COM Jradio Directory traversal vulnerability in JRadio (com_jradio) component before 1.5.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php. | 7.5 |
| 2011-01-20 | CVE-2011-0511 | SQL Injection vulnerability in Joomtraders COM Allcinevid 1.0.0 SQL injection vulnerability in the allCineVid component (com_allcinevid) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. | 7.5 |
| 2011-01-20 | CVE-2010-4702 | SQL Injection vulnerability in Fxwebdesign COM Jradio SQL injection vulnerability in JRadio (com_jradio) component before 1.5.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
| 2011-01-18 | CVE-2010-4696 | SQL Injection vulnerability in Joomla Joomla! Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 allow remote attackers to execute arbitrary SQL commands via the (1) filter_order or (2) filter_order_Dir parameter in a com_contact action to index.php, a different vulnerability than CVE-2010-4166. | 7.5 |
| 2010-12-06 | CVE-2010-4404 | SQL Injection vulnerability in Anything-Digital Sh404Sef SQL injection vulnerability in the Yannick Gaultier sh404SEF component before 2.1.8.777 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |