| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| An improper validation of the search parameter of the com_media files API endpoint leads to a path traversal vulnerability. |
| An improper access check allows unauthorized access to com_config webservice endpoints. |
| Lack of output escaping leads to a XSS vector in the feed modules. |
| Lack of output escaping leads to a XSS vector in the multilingual associations component. |
| Lack of output escaping leads to a XSS vector in the readmore links for com_content. |
| Improperly built filter clauses lead to a SQL injection vulnerability in the search query for com_finder. |
| An improper validation of user-supplied input leads to a local file inclusion vulnerability. |
| An improper access check allows privilege escalation through the com_users batch task. |
| An improper access check allows privelege escalation through the com_users group editing webservice endpoint. |
| An improper access check allowed low privileged users to edit the task types of existing scheduler tasks. |
| An improper access check allows privilege escalation through the com_users batch task. |
| Lack of input filtering leads to an XSS vector in the HTML filter code. |
| PHP remote file inclusion vulnerability in admin.wmtportfolio.php in the webmaster-tips.net wmtportfolio 1.0 (com_wmtportfolio) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. |
| SQL injection vulnerability in sub_commententry.php in the BookJoomlas (com_bookjoomlas) component 0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gbid parameter in a comment action to index.php. |
| Unspecified vulnerability in Events 1.3 beta module (com_events) for Joomla! has unspecified impact and attack vectors. |
| Unspecified vulnerability in Hot Properties (possibly com_hotproperties) 0.97 and earlier for Joomla! has unspecified impact and attack vectors. |
| Unspecified vulnerability in Prince Clan (Princeclan) Chess component (com_pcchess) 0.8 and earlier for Mambo and Joomla! has unspecified impact and attack vectors. |
| Multiple PHP remote file inclusion vulnerabilities in Security Images (com_securityimages) component 3.0.5 and earlier for Joomla! allow remote attackers to execute arbitrary code via a URL in the mosConfig_absolute_path parameter in (1) configinsert.php, (2) lang.php, (3) client.php, and (4) server.php. |
| SQL injection vulnerability in the ElearningForce Flash Magazine Deluxe (com_flashmagazinedeluxe) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mag_id parameter in a magazine action to index.php. |
| SQL injection vulnerability in the JotLoader (com_jotloader) component 1.2.1.a and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter to index.php. |