Vulnerabilities > Joomla > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-10-11 | CVE-2007-5363 | Code Injection vulnerability in multiple products PHP remote file inclusion vulnerability in admin.panoramic.php in the Panoramic Picture Viewer (com_panoramic) mambot (plugin) 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter. | 6.8 |
| 2007-10-11 | CVE-2007-5362 | Code Injection vulnerability in multiple products Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia Lite (com_mosmedia) 4.5.1 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) credits.html.php, (2) info.html.php, (3) media.divs.php, (4) media.divs.js.php, (5) purchase.html.php, or (6) support.html.php in includes/. | 6.8 |
| 2007-10-09 | CVE-2007-5310 | Code Injection vulnerability in multiple products PHP remote file inclusion vulnerability in admin.wmtportfolio.php in the webmaster-tips.net wmtportfolio 1.0 (com_wmtportfolio) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 6.8 |
| 2007-10-09 | CVE-2007-5309 | Code Injection vulnerability in multiple products PHP remote file inclusion vulnerability in admin.wmtgallery.php in the webmaster-tips.net Flash Image Gallery (com_wmtgallery) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter. | 6.8 |
| 2007-09-18 | CVE-2007-4955 | Code Injection vulnerability in Joomla Flash FUN Component 1.0 PHP remote file inclusion vulnerability in admin.joomlaflashfun.php in the Flash Fun! (com_joomlaflashfun) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter. | 6.8 |
| 2007-09-18 | CVE-2007-4954 | Code Injection vulnerability in Joomla Joom12Pic Component 1.0 PHP remote file inclusion vulnerability in admin.joom12pic.php in the joom12Pic (com_joom12pic) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter. | 6.8 |
| 2007-09-17 | CVE-2007-4923 | Code Injection vulnerability in Joomla Radio 5 PHP remote file inclusion vulnerability in admin.joomlaradiov5.php in the Joomla Radio 5 (com_joomlaradiov5) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter. | 6.8 |
| 2007-09-10 | CVE-2007-4781 | Improper Input Validation vulnerability in Joomla 1.5.0Beta1/1.5.0Beta2/1.5.0Rc1 administrator/index.php in the installer component (com_installer) in Joomla! 1.5 Beta1, Beta2, and RC1 allows remote authenticated administrators to upload arbitrary files to tmp/ via the "Upload Package File" functionality, which is accessible when com_installer is the value of the option parameter. | 6.6 |
| 2007-09-10 | CVE-2007-4780 | Improper Input Validation vulnerability in Joomla 1.5.0Beta/1.5.0Beta2/1.5.0Rc1 Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to obtain sensitive information (the full path) via unspecified vectors, probably involving direct requests to certain PHP scripts in tmpl/ directories. | 6.8 |
| 2007-09-10 | CVE-2007-4779 | Cross-Site Scripting vulnerability in Joomla 1.5.0Beta/1.5.0Beta2/1.5.0Rc1 Cross-site scripting (XSS) vulnerability in Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably related to the archive section. | 4.3 |