Vulnerabilities > Joomlahbs

DATE CVE VULNERABILITY TITLE RISK
2009-09-24 CVE-2009-3368 Cross-Site Scripting vulnerability in Joomlahbs COM Hbssearch
Cross-site scripting (XSS) vulnerability in the Hotel Booking Reservation System (aka HBS or com_hbssearch) component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the adult parameter in a showhoteldetails action to index.php. 		4.3
4.3
2009-09-24 CVE-2009-3357 SQL Injection vulnerability in Joomlahbs COM Hbssearch
Multiple SQL injection vulnerabilities in the Hotel Booking Reservation System (aka HBS or com_hbssearch) component for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) h_id, (2) id, and (3) rid parameters to longDesc.php, and the h_id parameter to (4) detail.php, (5) detail1.php, (6) detail2.php, (7) detail3.php, (8) detail4.php, (9) detail5.php, (10) detail6.php, (11) detail7.php, and (12) detail8.php, different vectors than CVE-2008-5865, CVE-2008-5874, and CVE-2008-5875.
network
low complexity
joomla joomlahbs CWE-89
7.5
7.5
2009-01-08 CVE-2008-5875 SQL Injection vulnerability in Joomlahbs products
SQL injection vulnerability in the com_lowcosthotels component in the Hotel Booking Reservation System (aka HBS) for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showhoteldetails action to index.php.
network
low complexity
joomlahbs joomla CWE-89
7.5
7.5
2009-01-08 CVE-2008-5874 SQL Injection vulnerability in Joomlahbs products
Multiple SQL injection vulnerabilities in the Hotel Booking Reservation System (aka HBS) for Joomla! allow remote attackers to execute arbitrary SQL commands via the id parameter in a showhoteldetails action to index.php in the (1) com_allhotels or (2) com_5starhotels module.
network
low complexity
joomlahbs joomla CWE-89
7.5
7.5
2009-01-06 CVE-2008-5865 SQL Injection vulnerability in Joomlahbs Hotel Booking Reservation System 1.0.0
SQL injection vulnerability in the com_hbssearch component 1.0 in the Hotel Booking Reservation System (aka HBS) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the r_type parameter in a showhoteldetails action to index.php.
network
low complexity
joomlahbs joomla CWE-89
7.5
7.5
2009-01-06 CVE-2008-5864 SQL Injection vulnerability in Joomlahbs products
SQL injection vulnerability in the Top Hotel (com_tophotelmodule) component 1.0 in the Hotel Booking Reservation System (aka HBS) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showhoteldetails action to index.php.
network
low complexity
joomlahbs joomla CWE-89
7.5
7.5