Shodan
Vulnerabilities
Vulnerable Software
Joomla:  >> Joomla!  >> 2.5.16  Security Vulnerabilities
CVE-2011-4804
Directory traversal vulnerability in the obSuggest (com_obsuggest) component before 1.8 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
CVSS Score
5.0
EPSS Score
0.107
Published
2011-12-14
CVE-2011-4571
SQL injection vulnerability in the Estate Agent (com_estateagent) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showEO action to index.php.
CVSS Score
7.5
EPSS Score
0.002
Published
2011-11-29
CVE-2011-4570
SQL injection vulnerability in the Time Returns (com_timereturns) component 2.0 and possibly earlier versions for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a timereturns action to index.php.
CVSS Score
7.5
EPSS Score
0.002
Published
2011-11-29
CVE-2010-5048
Cross-site scripting (XSS) vulnerability in admin.jcomments.php in the JoomlaTune JComments (com_jcomments) component 2.1.0.0 for Joomla! allows remote authenticated users to inject arbitrary web script or HTML via the name parameter to index.php.
CVSS Score
4.3
EPSS Score
0.063
Published
2011-11-23
CVE-2010-5053
SQL injection vulnerability in the XOBBIX (com_xobbix) component 1.0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the prodid parameter in a prod_desc action to index.php.
CVSS Score
7.5
EPSS Score
0.006
Published
2011-11-23
CVE-2010-5056
SQL injection vulnerability in the GBU Facebook (com_gbufacebook) component 1.0.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the face_id parameter in a show_face action to index.php.
CVSS Score
7.5
EPSS Score
0.016
Published
2011-11-23
CVE-2010-5032
SQL injection vulnerability in the BF Quiz (com_bfquiztrial) component before 1.3.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a bfquiztrial action to index.php.
CVSS Score
7.5
EPSS Score
0.022
Published
2011-11-02
CVE-2010-5042
Cross-site scripting (XSS) vulnerability in the DJ-ArtGallery (com_djartgallery) component 0.9.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the cid[] parameter in an editItem action to administrator/index.php. NOTE: some of these details are obtained from third party information.
CVSS Score
4.3
EPSS Score
0.008
Published
2011-11-02
CVE-2010-5043
SQL injection vulnerability in the DJ-ArtGallery (com_djartgallery) component 0.9.1 for Joomla! allows remote authenticated users to execute arbitrary SQL commands via the cid[] parameter in an editItem action to administrator/index.php.
CVSS Score
6.0
EPSS Score
0.002
Published
2011-11-02
CVE-2010-5044
SQL injection vulnerability in models/log.php in the Search Log (com_searchlog) component 3.1.0 for Joomla! allows remote authenticated users, with Public Back-end privileges, to execute arbitrary SQL commands via the search parameter in a log action to administrator/index.php. NOTE: some of these details are obtained from third party information.
CVSS Score
6.0
EPSS Score
0.005
Published
2011-11-02


Products
Pricing
Contact Us

Shodan ® - All rights reserved