Search Results (864 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-0421 1 Joomla 2 Com Eventing, Joomla 2026-04-23 N/A
SQL injection vulnerability in the Eventing (com_eventing) 1.6.x component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
CVE-2008-5793 2 Joomla, Recly 2 Joomla, Clickheat-heatmap 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in the Clickheat - Heatmap stats (com_clickheat) component 1.0.1 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[mosConfig_absolute_path] parameter to (a) install.clickheat.php, (b) Cache.php and (c) Clickheat_Heatmap.php in Recly/Clickheat/, and (d) Recly/common/GlobalVariables.php; and the (2) mosConfig_absolute_path parameter to (e) _main.php and (f) main.php in includes/heatmap, and (g) includes/overview/main.php.
CVE-2008-5874 2 Joomla, Joomlahbs 4 Joomla, Com 5starhotels, Com Allhotels and 1 more 2026-04-23 N/A
Multiple SQL injection vulnerabilities in the Hotel Booking Reservation System (aka HBS) for Joomla! allow remote attackers to execute arbitrary SQL commands via the id parameter in a showhoteldetails action to index.php in the (1) com_allhotels or (2) com_5starhotels module. NOTE: some of these details are obtained from third party information.
CVE-2008-5875 2 Joomla, Joomlahbs 3 Joomla, Com Lowcosthotels, Hotel Booking Reservation System 2026-04-23 N/A
SQL injection vulnerability in the com_lowcosthotels component in the Hotel Booking Reservation System (aka HBS) for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showhoteldetails action to index.php.
CVE-2009-3661 2 Blueconstantmedia, Joomla 2 Com Djcatalog, Joomla 2026-04-23 N/A
Multiple SQL injection vulnerabilities in the DJ-Catalog (com_djcatalog) component for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a showItem action and (2) cid parameter in a show action to index.php.
CVE-2008-6076 2 Jlleblanc, Joomla 2 Com Dailymessage, Joomla 2026-04-23 N/A
SQL injection vulnerability in the Daily Message (com_dailymessage) 1.0.3 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
CVE-2009-3669 2 Foobla, Joomla 2 Com Foobla Suggestions, Joomla 2026-04-23 N/A
SQL injection vulnerability in the foobla Suggestions (com_foobla_suggestions) component 1.5.11 for Joomla! allows remote attackers to execute arbitrary SQL commands via the idea_id parameter to index.php.
CVE-2008-6088 2 Joomla, Joomtracker 2 Joomla, Com Joomtracker 2026-04-23 N/A
SQL injection vulnerability in the Joomtracker (com_joomtracker) 1.01 module for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a tordetails action to index.php.
CVE-2008-6222 2 Joomla, Joomlashowroom 2 Joomla, Pro Desk Support Center 2026-04-23 N/A
Directory traversal vulnerability in the Pro Desk Support Center (com_pro_desk) component 1.0 and 1.2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter to index.php.
CVE-2008-1559 2 Bernard Gilly, Joomla 2 Com Alphacontent, Joomla\! 2026-04-23 N/A
SQL injection vulnerability in the Bernard Gilly AlphaContent (com_alphacontent) 2.5.8 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.
CVE-2008-4104 1 Joomla 1 Joomla 2026-04-23 N/A
Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a "passed in" URL.
CVE-2008-6482 2 Joomla, Justjoomla 2 Joomla, Com Treeg 2026-04-23 N/A
PHP remote file inclusion vulnerability in admin.treeg.php in the Flash Tree Gallery (com_treeg) component 1.0 for Joomla!, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the mosConfig_live_site parameter.
CVE-2008-6653 3 Joomla, Mambo, Wh-com 3 Joomla, Mambo, Com Webhosting 2026-04-23 N/A
SQL injection vulnerability in webhosting.php in the Webhosting Component (com_webhosting) module before 1.1 RC7 for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
CVE-2008-6841 2 Gmitc, Joomla 2 Com Dbquery, Joomla 2026-04-23 N/A
PHP remote file inclusion vulnerability in the Green Mountain Information Technology and Consulting Database Query (com_dbquery) component 1.4.1.1 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to classes/DBQ/admin/common.class.php.
CVE-2009-0380 3 Joomla, Mambo-foundation, Sigsiu.net 3 Joomla, Mambo, Sobi2 2026-04-23 N/A
SQL injection vulnerability in the Sigsiu Online Business Index 2 (SOBI2, com_sobi2) RC 2.8.2 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the bid parameter in a showbiz action to index.php, a different vector than CVE-2008-0607. NOTE: CVE disputes this issue, since neither "showbiz" nor "bid" appears in the source code for SOBI2
CVE-2009-0494 2 Joomla, Mivaco 2 Joomla, Com Portfol 2026-04-23 N/A
SQL injection vulnerability in the Portfol (com_portfol) 1.2 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the vcatid parameter in a viewcategory action to index.php.
CVE-2008-7033 2 Galore, Joomla 2 Com Simpleshop, Joomla\! 2026-04-23 N/A
SQL injection vulnerability in the Simple Shop Galore (com_simpleshop) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the section parameter in a section action to index.php, a different vulnerability than CVE-2008-2568. NOTE: this issue was disclosed by an unreliable researcher, so the details might be incorrect.
CVE-2008-4668 1 Joomla 2 Com Imagebrowser, Joomla 2026-04-23 N/A
Directory traversal vulnerability in the Image Browser (com_imagebrowser) 0.1.5 component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder parameter to index.php.
CVE-2009-2100 2 Joomla, Joomlapraise 2 Joomla, Com Projectfork 2026-04-23 N/A
Directory traversal vulnerability in the JoomlaPraise Projectfork (com_projectfork) component 2.0.10 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the section parameter to index.php.
CVE-2008-1890 2 Azrul, Joomla 2 Jom Comment, Joomla 2026-04-23 N/A
SQL injection vulnerability in the Jom Comment 2.0 build 345 component for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.