Shodan
Vulnerabilities
Vulnerable Software
Joomla:  >> Joomla!  >> 3.6.5  Security Vulnerabilities
CVE-2017-7985
In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of multibyte characters leads to XSS vulnerabilities in various components.
CVSS Score
6.1
EPSS Score
0.0
Published
2017-04-25
CVE-2017-7986
In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of specific HTML attributes leads to XSS vulnerabilities in various components.
CVSS Score
6.1
EPSS Score
0.0
Published
2017-04-25
CVE-2017-7987
In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate escaping of file and folder names leads to XSS vulnerabilities in the template manager component.
CVSS Score
6.1
EPSS Score
0.0
Published
2017-04-25
CVE-2017-7988
In Joomla! 1.6.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of form contents allows overwriting the author of an article.
CVSS Score
5.3
EPSS Score
0.0
Published
2017-04-25
CVE-2017-7989
In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate MIME type checks allowed low-privilege users to upload swf files even if they were explicitly forbidden.
CVSS Score
6.5
EPSS Score
0.0
Published
2017-04-25
CVE-2017-8057
In Joomla! 3.4.0 through 3.6.5 (fixed in 3.7.0), multiple files caused full path disclosures on systems with enabled error reporting.
CVSS Score
5.3
EPSS Score
0.0
Published
2017-04-25
CVE-2016-10033
Known exploited
The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.
CVSS Score
9.8
EPSS Score
0.944
Published
2016-12-30
CVE-2016-10045
The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail function in PHP. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-10033.
CVSS Score
9.8
EPSS Score
0.935
Published
2016-12-30
CVE-2015-4654
SQL injection vulnerability in the EQ Event Calendar component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to eqfullevent.
CVSS Score
7.5
EPSS Score
0.0
Published
2015-06-18
CVE-2013-5955
Cross-site scripting (XSS) vulnerability in manage.php in the PBBooking (com_pbbooking) component 2.4 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the an arbitrary parameter in an edit action to administrator/index.php.
CVSS Score
4.3
EPSS Score
0.003
Published
2014-03-19


Products
Pricing
Contact Us

Shodan ® - All rights reserved