Shodan
Vulnerabilities
Vulnerable Software
Joomla:  >> Joomla!  >> 3.8.0  Security Vulnerabilities
CVE-2018-6378
In Joomla! Core before 3.8.8, inadequate filtering of file and folder names leads to various XSS attack vectors in the media manager.
CVSS Score
6.1
EPSS Score
0.017
Published
2018-05-22
CVE-2018-8045
In Joomla! 3.5.0 through 3.8.5, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the User Notes list view.
CVSS Score
8.8
EPSS Score
0.211
Published
2018-03-15
CVE-2018-6376
In Joomla! before 3.8.4, the lack of type casting of a variable in a SQL statement leads to a SQL injection vulnerability in the Hathor postinstall message.
CVSS Score
9.8
EPSS Score
0.024
Published
2018-01-30
CVE-2018-6377
In Joomla! before 3.8.4, inadequate input filtering in com_fields leads to an XSS vulnerability in multiple field types, i.e., list, radio, and checkbox
CVSS Score
6.1
EPSS Score
0.065
Published
2018-01-30
CVE-2018-6379
In Joomla! before 3.8.4, inadequate input filtering in the Uri class (formerly JUri) leads to an XSS vulnerability.
CVSS Score
6.1
EPSS Score
0.01
Published
2018-01-30
CVE-2018-6380
In Joomla! before 3.8.4, lack of escaping in the module chromes leads to XSS vulnerabilities in the module system.
CVSS Score
6.1
EPSS Score
0.01
Published
2018-01-30
CVE-2017-16633
In Joomla! before 3.8.2, a logic bug in com_fields exposed read-only information about a site's custom fields to unauthorized users.
CVSS Score
4.3
EPSS Score
0.0
Published
2017-11-10
CVE-2017-16634
In Joomla! before 3.8.2, a bug allowed third parties to bypass a user's 2-factor authentication method.
CVSS Score
9.8
EPSS Score
0.001
Published
2017-11-10
CVE-2015-4654
SQL injection vulnerability in the EQ Event Calendar component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to eqfullevent.
CVSS Score
7.5
EPSS Score
0.0
Published
2015-06-18
CVE-2013-5955
Cross-site scripting (XSS) vulnerability in manage.php in the PBBooking (com_pbbooking) component 2.4 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the an arbitrary parameter in an edit action to administrator/index.php.
CVSS Score
4.3
EPSS Score
0.004
Published
2014-03-19


Products
Pricing
Contact Us

Shodan ® - All rights reserved