Search Results (631 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-4475 2 Joomla, Joomlub 2 Joomla\!, Com Joomlub 2026-04-23 N/A
SQL injection vulnerability in the Joomlub (com_joomlub) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an auction edit action to index.php.
CVE-2009-4200 2 Joomla, Vollmar 2 Joomla\!, Com Seminar 2026-04-23 N/A
SQL injection vulnerability in the Seminar (com_seminar) component 1.28 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a View_seminar action to index.php.
CVE-2009-1499 1 Joomla 2 Com Mailto, Joomla\! 2026-04-23 N/A
SQL injection vulnerability in the MailTo (aka com_mailto) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the article parameter in index.php. NOTE: SecurityFocus states that this issue has been disputed by the vendor.
CVE-2009-3964 2 Joomla, Ninjaforge 2 Joomla\!, Com Ninjamonials 2026-04-23 N/A
SQL injection vulnerability in the NinjaMonials (com_ninjacentral) component 1.1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the testimID parameter in a display action to index.php.
CVE-2008-6276 2 Drupal, Joomla 2 User Karma Module, Joomla\! 2026-04-23 N/A
Multiple SQL injection vulnerabilities in the User Karma module 5.x before 5.x-1.13 and 6.x before 6.x-1.0-beta1, a module for Drupal, allow remote authenticated administrators to execute arbitrary SQL commands via (1) a content type or (2) a voting API value.
CVE-2010-0157 2 Joomla, Joomlabiblestudy 2 Joomla\!, Com Biblestudy 2026-04-23 N/A
Directory traversal vulnerability in the Bible Study (com_biblestudy) component 6.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter in a studieslist action to index.php.
CVE-2016-10033 3 Joomla, Phpmailer Project, Wordpress 3 Joomla\!, Phpmailer, Wordpress 2026-04-21 9.8 Critical
The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.
CVE-2005-4650 1 Joomla 1 Joomla\! 2026-04-16 5.3 Medium
Joomla! 1.03 does not restrict the number of "Search" Mambots, which allows remote attackers to cause a denial of service (resource consumption) via a large number of Search Mambots.
CVE-2006-1957 2 Joomla, Mambo-foundation 2 Joomla\!, Mambo 2026-04-16 N/A
The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows remote attackers to cause a denial of service (disk consumption and possibly web-server outage) via multiple requests with different values of the feed parameter.
CVE-2006-4469 1 Joomla 1 Joomla\! 2026-04-16 N/A
Unspecified vulnerability in PEAR.php in Joomla! before 1.0.11 allows remote attackers to perform "remote execution," related to "Injection Flaws."
CVE-2006-4470 1 Joomla 1 Joomla\! 2026-04-16 N/A
Joomla! before 1.0.11 omits some checks for whether _VALID_MOS is defined, which allows attackers to have an unknown impact, possibly resulting in PHP remote file inclusion.
CVE-2006-4468 1 Joomla 1 Joomla\! 2026-04-16 N/A
Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related to unvalidated input, allow attackers to have an unknown impact via unspecified vectors involving the (1) mosMail, (2) JosIsValidEmail, and (3) josSpoofValue functions; (4) the lack of inclusion of globals.php in administrator/index.php; (5) the Admin User Manager; and (6) the poll module.
CVE-2006-4471 1 Joomla 1 Joomla\! 2026-04-16 N/A
The Admin Upload Image functionality in Joomla! before 1.0.11 allows remote authenticated users to upload files outside of the /images/stories/ directory via unspecified vectors.
CVE-2006-4472 1 Joomla 1 Joomla\! 2026-04-16 N/A
Multiple unspecified vulnerabilities in Joomla! before 1.0.11 allow attackers to bypass user authentication via unknown vectors involving the (1) do_pdf command and the (2) emailform com_content task.
CVE-2026-21632 1 Joomla 2 Joomla!, Joomla\! 2026-04-10 5.4 Medium
Lack of output escaping for article titles leads to XSS vectors in various locations.
CVE-2026-21631 1 Joomla 2 Joomla!, Joomla\! 2026-04-10 5.4 Medium
Lack of output escaping leads to a XSS vector in the multilingual associations component.
CVE-2026-23899 1 Joomla 2 Joomla!, Joomla\! 2026-04-10 8.8 High
An improper access check allows unauthorized access to webservice endpoints.
CVE-2026-21629 1 Joomla 2 Joomla!, Joomla\! 2026-04-10 7.3 High
The ajax component was excluded from the default logged-in-user check in the administrative area. This behavior was potentially unexpected by 3rd party developers.
CVE-2026-23898 1 Joomla 2 Joomla!, Joomla\! 2026-04-10 7.2 High
Lack of input validation leads to an arbitrary file deletion vulnerability in the autoupdate server mechanism.
CVE-2026-21630 1 Joomla 2 Joomla!, Joomla\! 2026-04-10 8.8 High
Improperly built order clauses lead to a SQL injection vulnerability in the articles webservice endpoint.