Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2007-4244

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-08 Aug, 2007 | 23:00
Updated At-07 Aug, 2024 | 14:46
Rejected At-
Credits

PHP remote file inclusion vulnerability in langset.php in J! Reactions (com_jreactions) 1.8.1 and earlier, a Joomla! component, allows remote attackers to execute arbitrary PHP code via a URL in the comPath parameter.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:08 Aug, 2007 | 23:00
Updated At:07 Aug, 2024 | 14:46
Rejected At:
▼CVE Numbering Authority (CNA)

PHP remote file inclusion vulnerability in langset.php in J! Reactions (com_jreactions) 1.8.1 and earlier, a Joomla! component, allows remote attackers to execute arbitrary PHP code via a URL in the comPath parameter.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://securityreason.com/securityalert/2984
third-party-advisory
x_refsource_SREASON
http://www.securityfocus.com/bid/25198
vdb-entry
x_refsource_BID
http://yollubunlar.org/joomla-j-reactions-component-rfi-75.html
x_refsource_MISC
http://www.securityfocus.com/archive/1/477245/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/477144/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/475544/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
https://exchange.xforce.ibmcloud.com/vulnerabilities/35808
vdb-entry
x_refsource_XF
Hyperlink: http://securityreason.com/securityalert/2984
Resource:
third-party-advisory
x_refsource_SREASON
Hyperlink: http://www.securityfocus.com/bid/25198
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://yollubunlar.org/joomla-j-reactions-component-rfi-75.html
Resource:
x_refsource_MISC
Hyperlink: http://www.securityfocus.com/archive/1/477245/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://www.securityfocus.com/archive/1/477144/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://www.securityfocus.com/archive/1/475544/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/35808
Resource:
vdb-entry
x_refsource_XF
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://securityreason.com/securityalert/2984
third-party-advisory
x_refsource_SREASON
x_transferred
http://www.securityfocus.com/bid/25198
vdb-entry
x_refsource_BID
x_transferred
http://yollubunlar.org/joomla-j-reactions-component-rfi-75.html
x_refsource_MISC
x_transferred
http://www.securityfocus.com/archive/1/477245/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://www.securityfocus.com/archive/1/477144/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://www.securityfocus.com/archive/1/475544/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/35808
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://securityreason.com/securityalert/2984
Resource:
third-party-advisory
x_refsource_SREASON
x_transferred
Hyperlink: http://www.securityfocus.com/bid/25198
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://yollubunlar.org/joomla-j-reactions-component-rfi-75.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/477245/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/477144/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/475544/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/35808
Resource:
vdb-entry
x_refsource_XF
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:08 Aug, 2007 | 23:17
Updated At:15 Oct, 2018 | 21:34

PHP remote file inclusion vulnerability in langset.php in J! Reactions (com_jreactions) 1.8.1 and earlier, a Joomla! component, allows remote attackers to execute arbitrary PHP code via a URL in the comPath parameter.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
Joomla!
joomla
>>j_reactions>>Versions up to 1.8.1(inclusive)
cpe:2.3:a:joomla:j_reactions:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-94Primarynvd@nist.gov
CWE ID: CWE-94
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://securityreason.com/securityalert/2984cve@mitre.org
N/A
http://www.securityfocus.com/archive/1/475544/100/0/threadedcve@mitre.org
N/A
http://www.securityfocus.com/archive/1/477144/100/0/threadedcve@mitre.org
N/A
http://www.securityfocus.com/archive/1/477245/100/0/threadedcve@mitre.org
N/A
http://www.securityfocus.com/bid/25198cve@mitre.org
Exploit
http://yollubunlar.org/joomla-j-reactions-component-rfi-75.htmlcve@mitre.org
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/35808cve@mitre.org
N/A
Hyperlink: http://securityreason.com/securityalert/2984
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/475544/100/0/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/477144/100/0/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/477245/100/0/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/25198
Source: cve@mitre.org
Resource:
Exploit
Hyperlink: http://yollubunlar.org/joomla-j-reactions-component-rfi-75.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/35808
Source: cve@mitre.org
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

1361Records found
CVE-2009-2637
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.61% / 68.78%
||
7 Day CHG~0.00%
Published-28 Jul, 2009 | 19:06
Updated-07 Aug, 2024 | 05:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in toolbar_ext.php in the BookLibrary (com_booklibrary) component 1.5.2.4 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

Action-Not Available
Vendor-ordasoftn/aJoomla!
Product-com_booklibraryjoomlan/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-4918
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.86% / 82.32%
||
7 Day CHG~0.00%
Published-08 Oct, 2011 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in iJoomla Magazine (com_magazine) component 3.0.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the config parameter to magazine.functions.php.

Action-Not Available
Vendor-ijoomlan/aJoomla!
Product-com_magazinejoomla\!n/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-2681
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.26% / 48.92%
||
7 Day CHG~0.00%
Published-09 Jul, 2010 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in the SEF404x (com_sef) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig.absolute.path parameter to index.php.

Action-Not Available
Vendor-n/aJoomla!
Product-joomla\!com_sefn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2006-4476
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.04% / 12.82%
||
7 Day CHG~0.00%
Published-31 Aug, 2006 | 20:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related to "Injection Flaws," allow attackers to have an unknown impact via (1) globals.php, which uses include_once() instead of require(); (2) the $options variable; (3) Admin Upload Image; (4) ->load(); (5) content submissions when frontpage is selected; (6) the mosPageNav constructor; (7) saveOrder functions; (8) the absence of "exploit blocking rules" in htaccess; and (9) the ACL.

Action-Not Available
Vendor-n/aJoomla!
Product-joomlan/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-2918
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.60% / 80.97%
||
7 Day CHG~0.00%
Published-30 Jul, 2010 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in core/include/myMailer.class.php in the Visites (com_joomla-visites) component 1.1 RC2 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

Action-Not Available
Vendor-visocrean/aJoomla!
Product-joomla\!com_joomla_visitesn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2009-4789
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.82% / 73.50%
||
7 Day CHG~0.00%
Published-21 Apr, 2010 | 14:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple PHP remote file inclusion vulnerabilities in the MojoBlog component RC 0.15 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) wp-comments-post.php and (2) wp-trackback.php.

Action-Not Available
Vendor-mojoblogn/aJoomla!
Product-joomlamojoblogn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2009-4431
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.82% / 73.50%
||
7 Day CHG~0.00%
Published-28 Dec, 2009 | 18:27
Updated-16 Sep, 2024 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in cal_popup.php in the Anything Digital Development JCal Pro (aka com_jcalpro or JCP) component 1.5.3.6 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

Action-Not Available
Vendor-anything-digitaln/aJoomla!
Product-joomla\!com_jcalpron/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2009-4094
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.90% / 74.75%
||
7 Day CHG~0.00%
Published-27 Nov, 2009 | 20:45
Updated-07 Aug, 2024 | 06:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in class/php/d4m_ajax_pagenav.php in the D4J eZine (com_ezine) component 2.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path parameter.

Action-Not Available
Vendor-designforjoomlan/aJoomla!
Product-com_ezinejoomla\!n/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2009-4604
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.40% / 79.62%
||
7 Day CHG~0.00%
Published-12 Jan, 2010 | 17:00
Updated-07 Aug, 2024 | 07:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in mamboleto.php in the Fernando Soares Mamboleto (com_mamboleto) component 2.0 RC3 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

Action-Not Available
Vendor-fernando_soaresn/aJoomla!
Product-joomlacom_mamboleton/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2009-3817
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.05% / 76.67%
||
7 Day CHG~0.00%
Published-28 Oct, 2009 | 10:00
Updated-16 Sep, 2024 | 23:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in doc/releasenote.php in the BookLibrary (com_booklibrary) component 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter, a different vector than CVE-2009-2637. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Action-Not Available
Vendor-ordasoftn/aJoomla!
Product-com_booklibraryjoomla\!n/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2009-3822
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.57% / 80.76%
||
7 Day CHG~0.00%
Published-28 Oct, 2009 | 10:00
Updated-17 Sep, 2024 | 03:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in Fiji Web Design Ajax Chat (com_ajaxchat) component 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path] parameter to tests/ajcuser.php.

Action-Not Available
Vendor-fijiwebdesignn/aJoomla!
Product-joomla\!com_ajaxchatn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2008-1505
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-7.86% / 91.64%
||
7 Day CHG~0.00%
Published-25 Mar, 2008 | 19:00
Updated-07 Aug, 2024 | 08:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in the SSTREAMTV custompages (com_custompages) 1.1 and earlier component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the cpage parameter to index.php.

Action-Not Available
Vendor-sstreamtvn/aJoomla!
Product-custompagesjoomlan/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2009-2635
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.59% / 68.22%
||
7 Day CHG~0.00%
Published-28 Jul, 2009 | 19:06
Updated-07 Aug, 2024 | 05:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in toolbar_ext.php in the RealEstateManager (com_realestatemanager) component 1.0 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

Action-Not Available
Vendor-ordasoftn/aJoomla!
Product-joomlacom_realestatemanagern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2009-2634
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.61% / 68.78%
||
7 Day CHG~0.00%
Published-28 Jul, 2009 | 19:06
Updated-07 Aug, 2024 | 05:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in toolbar_ext.php in the MediaLibrary (com_media_library) component 1.5.3 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

Action-Not Available
Vendor-ordasoftn/aJoomla!
Product-joomlacom_medialibraryn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2009-2633
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.61% / 68.78%
||
7 Day CHG~0.00%
Published-28 Jul, 2009 | 19:06
Updated-07 Aug, 2024 | 05:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in toolbar_ext.php in the VehicleManager (com_vehiclemanager) component 1.0 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

Action-Not Available
Vendor-ordasoftn/aJoomla!
Product-joomlacom_vehiclemanagern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2009-1822
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.82% / 73.50%
||
7 Day CHG~0.00%
Published-29 May, 2009 | 16:24
Updated-07 Aug, 2024 | 05:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple PHP remote file inclusion vulnerabilities in the InterJoomla ArtForms (com_artforms) component 2.1b7 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) imgcaptcha.php or (2) mp3captcha.php in assets/captcha/includes/captchaform/, or (3) assets/captcha/includes/captchatalk/swfmovie.php.

Action-Not Available
Vendor-gonzalo_masern/aJoomla!
Product-joomla\!com_artformsn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-5065
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-8.59% / 92.04%
||
7 Day CHG~0.00%
Published-24 Sep, 2007 | 22:00
Updated-07 Aug, 2024 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in admin.slideshow1.php in the Flash Slide Show (com_slideshow) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.

Action-Not Available
Vendor-webmaster-tipsn/aJoomla!
Product-joomlaflash_slide_shown/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2008-6841
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.93% / 75.17%
||
7 Day CHG~0.00%
Published-01 Jul, 2009 | 12:26
Updated-07 Aug, 2024 | 11:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in the Green Mountain Information Technology and Consulting Database Query (com_dbquery) component 1.4.1.1 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to classes/DBQ/admin/common.class.php.

Action-Not Available
Vendor-gmitcn/aJoomla!
Product-joomlacom_dbqueryn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2008-5789
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.86% / 89.14%
||
7 Day CHG~0.00%
Published-31 Dec, 2008 | 11:00
Updated-07 Aug, 2024 | 11:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple PHP remote file inclusion vulnerabilities in the Recly Interactive Feederator (com_feederator) component 1.0.5 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) mosConfig_absolute_path parameter to (a) add_tmsp.php, (b) edit_tmsp.php and (c) tmsp.php in includes/tmsp/; and the (2) GLOBALS[mosConfig_absolute_path] parameter to (d) includes/tmsp/subscription.php.

Action-Not Available
Vendor-reclyn/aJoomla!
Product-interactive_feederatorjoomlan/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2008-5790
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.04% / 76.50%
||
7 Day CHG~0.00%
Published-31 Dec, 2008 | 11:00
Updated-07 Aug, 2024 | 11:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple PHP remote file inclusion vulnerabilities in the Recly!Competitions (com_competitions) component 1.0 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[mosConfig_absolute_path] parameter to (a) add.php and (b) competitions.php in includes/competitions/, and the (2) mosConfig_absolute_path parameter to (c) includes/settings/settings.php.

Action-Not Available
Vendor-reclyn/aJoomla!
Product-competitionsjoomlan/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2008-6221
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-30.66% / 96.56%
||
7 Day CHG~0.00%
Published-20 Feb, 2009 | 21:25
Updated-07 Aug, 2024 | 11:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in config.dadamail.php in the Dada Mail Manager (com_dadamail) component 2.6 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path] parameter.

Action-Not Available
Vendor-dadamailprojectn/aJoomla!
Product-joomladada_mail_managern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2008-6347
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.05% / 76.64%
||
7 Day CHG~0.00%
Published-02 Mar, 2009 | 16:00
Updated-07 Aug, 2024 | 11:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in lib/onguma.class.php in the Onguma Time Sheet (com_ongumatimesheet20) 2.0 4b component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

Action-Not Available
Vendor-luigi_massan/aJoomla!
Product-joomlaonguma_time_sheetn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2008-6483
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.89% / 87.80%
||
7 Day CHG~0.00%
Published-18 Mar, 2009 | 15:00
Updated-07 Aug, 2024 | 11:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in admin.googlebase.php in the Ecom Solutions VirtueMart Google Base (aka com_googlebase or Froogle) component 1.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

Action-Not Available
Vendor-virtuemart-solutionsn/aJoomla!
Product-joomlacom_googlebasen/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2008-5671
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.10% / 27.35%
||
7 Day CHG~0.00%
Published-18 Dec, 2008 | 21:00
Updated-07 Aug, 2024 | 11:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in index.php in Joomla! 1.0.11 through 1.0.14, when RG_EMULATION is enabled in configuration.php, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

Action-Not Available
Vendor-n/aJoomla!
Product-joomlan/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2008-2990
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.25% / 48.47%
||
7 Day CHG+0.15%
Published-02 Jul, 2008 | 17:00
Updated-07 Aug, 2024 | 09:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in facileforms.frame.php in the FacileForms (com_facileforms) component 1.4.4 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the ff_compath parameter.

Action-Not Available
Vendor-n/aJoomla!MamboServer
Product-com_facileformsjoomlan/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-4187
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-11.29% / 93.26%
||
7 Day CHG~0.00%
Published-08 Aug, 2007 | 01:11
Updated-07 Aug, 2024 | 14:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple eval injection vulnerabilities in the com_search component in Joomla! 1.5 beta before RC1 (aka Mapya) allow remote attackers to execute arbitrary PHP code via PHP sequences in the searchword parameter, related to default_results.php in (1) components/com_search/views/search/tmpl/ and (2) templates/beez/html/com_search/search/.

Action-Not Available
Vendor-n/aJoomla!
Product-joomlan/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-0387
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.02% / 2.56%
||
7 Day CHG~0.00%
Published-19 Jan, 2007 | 23:00
Updated-07 Aug, 2024 | 12:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in models/category.php in the Weblinks component for Joomla! SVN 20070118 (com_weblinks) allows remote attackers to execute arbitrary SQL commands via the catid parameter.

Action-Not Available
Vendor-n/aJoomla!
Product-joomlan/a
CVE-2006-7124
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.14% / 34.80%
||
7 Day CHG~0.00%
Published-06 Mar, 2007 | 01:00
Updated-07 Aug, 2024 | 20:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in external/rssfeeds.php in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allows remote attackers to execute arbitrary PHP code via the baseDir parameter.

Action-Not Available
Vendor-n/aJoomla!
Product-bsq_sitestatsn/a
CVE-2019-7743
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.45% / 79.97%
||
7 Day CHG~0.00%
Published-12 Feb, 2019 | 18:00
Updated-04 Aug, 2024 | 20:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Joomla! before 3.9.3. The phar:// stream wrapper can be used for objection injection attacks because there is no protection mechanism (such as the TYPO3 PHAR stream wrapper) to prevent use of the phar:// handler for non .phar-files.

Action-Not Available
Vendor-n/aJoomla!
Product-joomla\!n/a
CWE ID-CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2006-7247
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.01% / 0.93%
||
7 Day CHG~0.00%
Published-06 Sep, 2012 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the Weblinks (com_weblinks) component for Joomla! and Mambo 1.0.9 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter.

Action-Not Available
Vendor-n/aJoomla!MamboServer
Product-com_weblinksjoomla\!mambon/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2006-7123
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.02% / 2.18%
||
7 Day CHG~0.00%
Published-06 Mar, 2007 | 01:00
Updated-07 Aug, 2024 | 20:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allow remote attackers to execute arbitrary SQL commands via (1) unspecified parameters when importing the (a) ip-to-country.csv file; and the (2) HTTP Referer, (3) HTTP User Agent, and (4) HTTP Accept Language headers to (b) bsqtemplateinc.php.

Action-Not Available
Vendor-n/aJoomla!
Product-bsq_sitestatsn/a
CVE-2006-7008
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.01% / 1.71%
||
7 Day CHG~0.00%
Published-12 Feb, 2007 | 23:00
Updated-17 Sep, 2024 | 00:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Joomla! before 1.0.10 has unknown impact and attack vectors, related to "securing mosmsg from misuse." NOTE: it is possible that this issue overlaps CVE-2006-1029.

Action-Not Available
Vendor-n/aJoomla!
Product-joomlan/a
CVE-2006-6843
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.37% / 57.85%
||
7 Day CHG+0.06%
Published-03 Jan, 2007 | 02:00
Updated-17 Sep, 2024 | 02:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in the BE IT EasyPartner 0.0.9 beta component for Joomla! allows remote attackers to execute arbitrary PHP code via unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

Action-Not Available
Vendor-n/aJoomla!
Product-be_it_easypartner_componentn/a
CVE-2006-5047
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.05% / 13.77%
||
7 Day CHG~0.00%
Published-27 Sep, 2006 | 23:00
Updated-16 Sep, 2024 | 19:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in rsgallery2.html.php in RS Gallery2 component (com_rsgallery2) before 1.11.3 for Joomla! allows attackers to execute arbitrary code.

Action-Not Available
Vendor-n/aJoomla!
Product-rs_gallery2n/a
CVE-2006-5044
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.07% / 21.37%
||
7 Day CHG~0.00%
Published-27 Sep, 2006 | 23:00
Updated-16 Sep, 2024 | 16:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Prince Clan (Princeclan) Chess component (com_pcchess) 0.8 and earlier for Mambo and Joomla! has unspecified impact and attack vectors.

Action-Not Available
Vendor-n/aJoomla!MamboServer
Product-prince_clan_chess_componentn/a
CVE-2006-5041
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.24% / 46.73%
||
7 Day CHG~0.00%
Published-27 Sep, 2006 | 23:00
Updated-16 Sep, 2024 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Hot Properties (possibly com_hotproperties) 0.97 and earlier for Joomla! has unspecified impact and attack vectors.

Action-Not Available
Vendor-n/aJoomla!
Product-com_hotpropertieshot_propertiesn/a
CVE-2006-4992
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-5.80% / 90.16%
||
7 Day CHG~0.00%
Published-26 Sep, 2006 | 01:43
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple PHP remote file inclusion vulnerabilities in JD-WordPress for Joomla! (com_jd-wp) 2.0-1.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) wp-comments-post.php, (2) wp-feed.php, or (3) wp-trackback.php.

Action-Not Available
Vendor-n/aJoomla!
Product-jd-wordpressn/a
CVE-2010-4864
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.40% / 59.73%
||
7 Day CHG-0.05%
Published-05 Oct, 2011 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the Club Manager (com_clubmanager) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cm_id parameter in an equip presenta action to index.php.

Action-Not Available
Vendor-danieljamesscottn/aJoomla!
Product-joomla\!com_clubmanagern/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2006-4378
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.15% / 77.61%
||
7 Day CHG~0.00%
Published-26 Aug, 2006 | 01:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple PHP remote file inclusion vulnerabilities in the Rssxt component for Joomla! (com_rssxt), possibly 2.0 Beta 1 or 1.0 and earlier, allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) pinger.php, (2) RPC.php, or (3) rssxt.php. NOTE: another researcher has disputed this issue, saying that the attacker can not control this parameter. In addition, as of 20060825, the original researcher has appeared to be unreliable with some other past reports. CVE has not performed any followup analysis with respect to this issue

Action-Not Available
Vendor-n/aJoomla!
Product-rssxt_componentn/a
CVE-2013-1453
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.05% / 15.40%
||
7 Day CHG~0.00%
Published-13 Feb, 2013 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

plugins/system/highlight/highlight.php in Joomla! 3.0.x through 3.0.2 and 2.5.x through 2.5.8 allows attackers to unserialize arbitrary PHP objects to obtain sensitive information, delete arbitrary directories, conduct SQL injection attacks, and possibly have other impacts via the highlight parameter. Note: it was originally reported that this issue only allowed attackers to obtain sensitive information, but later analysis demonstrated that other attacks exist.

Action-Not Available
Vendor-n/aJoomla!
Product-joomla\!n/a
CVE-2017-16634
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.14% / 35.54%
||
7 Day CHG~0.00%
Published-09 Nov, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Joomla! before 3.8.2, a bug allowed third parties to bypass a user's 2-factor authentication method.

Action-Not Available
Vendor-n/aJoomla!
Product-joomla\!n/a
CWE ID-CWE-287
Improper Authentication
CVE-2006-4556
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.03% / 6.40%
||
7 Day CHG~0.00%
Published-06 Sep, 2006 | 00:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in index.php in the JIM component for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: another researcher has stated that the product distribution does not include an index.php file. Also, this might be related to CVE-2006-4242

Action-Not Available
Vendor-n/aJoomla!MamboServer
Product-jim_componentn/a
CVE-2006-4475
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.02% / 3.50%
||
7 Day CHG~0.00%
Published-31 Aug, 2006 | 20:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Joomla! before 1.0.11 does not limit access to the Admin Popups functionality, which has unknown impact and attack vectors.

Action-Not Available
Vendor-n/aJoomla!
Product-joomlan/a
CVE-2006-3969
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-16.83% / 94.69%
||
7 Day CHG~0.00%
Published-01 Aug, 2006 | 22:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in administrator/components/com_colophon/admin.colophon.php in Colophon 1.2 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

Action-Not Available
Vendor-n/aJoomla!
Product-colophonn/a
CVE-2010-4902
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.98% / 82.82%
||
7 Day CHG~0.00%
Published-08 Oct, 2011 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in the Clantools (com_clantools) component 1.2.3 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) squad or (2) showgame parameter to index.php.

Action-Not Available
Vendor-joomla-clantoolsn/aJoomla!
Product-clantoolsjoomla\!n/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2006-2960
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.29% / 78.82%
||
7 Day CHG~0.00%
Published-12 Jun, 2006 | 20:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in includes/joomla.php in Joomla! 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the includepath parameter.

Action-Not Available
Vendor-n/aJoomla!
Product-joomlan/a
CVE-2006-3481
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.04% / 12.67%
||
7 Day CHG~0.00%
Published-10 Jul, 2006 | 20:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in Joomla! before 1.0.10 allow remote attackers to execute arbitrary SQL commands via unspecified parameters involving the (1) "Remember Me" function, (2) "Related Items" module, and the (3) "Weblinks submission".

Action-Not Available
Vendor-n/aJoomla!
Product-joomlan/a
CVE-2012-4868
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.32% / 54.35%
||
7 Day CHG~0.00%
Published-06 Sep, 2012 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in news.php in the Kunena component 1.7.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter.

Action-Not Available
Vendor-kunenan/aJoomla!
Product-joomla\!kunenan/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2006-6833
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.03% / 4.93%
||
7 Day CHG~0.00%
Published-01 Jan, 2007 | 23:00
Updated-07 Aug, 2024 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

com_categories in Joomla! before 1.0.12 does not validate input, which has unknown impact and remote attack vectors.

Action-Not Available
Vendor-n/aJoomla!
Product-joomlan/a
CVE-2012-5230
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.46% / 63.27%
||
7 Day CHG~0.00%
Published-01 Oct, 2012 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the JE Story Submit (com_jesubmit) component before 1.9 for Joomla! has unknown impact and attack vectors.

Action-Not Available
Vendor-harmistechnologyn/aJoomla!
Product-com_jesubmitjoomla\!n/a
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 27
  • 28
  • Next
Details not found