Shodan
Vulnerabilities
Vulnerable Software
Joomla:  >> Joomla!  Security Vulnerabilities
CVE-2019-14654
In Joomla! 3.9.7 and 3.9.8, inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option. In other words, the filter attribute in subform fields allows remote code execution. This is fixed in 3.9.9.
CVSS Score
8.8
EPSS Score
0.005
Published
2019-08-05
CVE-2019-12764
An issue was discovered in Joomla! before 3.9.7. The update server URL of com_joomlaupdate can be manipulated by non Super-Admin users.
CVSS Score
6.5
EPSS Score
0.0
Published
2019-06-11
CVE-2019-12765
An issue was discovered in Joomla! before 3.9.7. The CSV export of com_actionslogs is vulnerable to CSV injection.
CVSS Score
9.8
EPSS Score
0.309
Published
2019-06-11
CVE-2019-12766
An issue was discovered in Joomla! before 3.9.7. The subform fieldtype does not sufficiently filter or validate input of subfields. This leads to XSS attack vectors.
CVSS Score
6.1
EPSS Score
0.001
Published
2019-06-11
CVE-2019-11809
An issue was discovered in Joomla! before 3.9.6. The debug views of com_users do not properly escape user supplied data, which leads to a potential XSS attack vector.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-05-20
CVE-2019-11831
The PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 does not prevent directory traversal, which allows attackers to bypass a deserialization protection mechanism, as demonstrated by a phar:///path/bad.phar/../good.phar URL.
CVSS Score
9.8
EPSS Score
0.095
Published
2019-05-09
CVE-2019-11358
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
CVSS Score
6.1
EPSS Score
0.015
Published
2019-04-20
CVE-2019-10945
An issue was discovered in Joomla! before 3.9.5. The Media Manager component does not properly sanitize the folder parameter, allowing attackers to act outside the media manager root directory.
CVSS Score
9.8
EPSS Score
0.811
Published
2019-04-10
CVE-2019-10946
An issue was discovered in Joomla! before 3.9.5. The "refresh list of helpsites" endpoint of com_users lacks access checks, allowing calls from unauthenticated users.
CVSS Score
7.5
EPSS Score
0.0
Published
2019-04-10
CVE-2019-9711
An issue was discovered in Joomla! before 3.9.4. The item_title layout in edit views lacks escaping, leading to XSS.
CVSS Score
6.1
EPSS Score
0.004
Published
2019-03-12


Products
Pricing
Contact Us

Shodan ® - All rights reserved