Joomla: >> Joomla! >> 1.6.0 Security Vulnerabilities
SQL injection vulnerability in the JExtensions JE Directory (com_jedirectory) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an item action to index.php.
CVSS Score
7.5
EPSS Score
0.007
Published
2011-10-05
SQL injection vulnerability in the Club Manager (com_clubmanager) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cm_id parameter in an equip presenta action to index.php.
CVSS Score
7.5
EPSS Score
0.004
Published
2011-10-05
SQL injection vulnerability in the JE Guestbook (com_jeguestbook) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the d_itemid parameter in an item_detail action to index.php.
CVSS Score
7.5
EPSS Score
0.007
Published
2011-10-05
SQL injection vulnerability in the ccInvoices (com_ccinvoices) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewInv action to index.php.
CVSS Score
7.5
EPSS Score
0.005
Published
2011-10-05
SQL injection vulnerability in netinvoice.php in the nBill (com_netinvoice) component 1.2.0 SP1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving "knowledge of ... the contents of an encrypted file."
CVSS Score
7.5
EPSS Score
0.003
Published
2011-10-05
Joomla! 1.6.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by libraries/phpmailer/language/phpmailer.lang-joomla.php.
CVSS Score
5.0
EPSS Score
0.002
Published
2011-09-23
Cross-site scripting (XSS) vulnerability in the JSupport (com_jsupport) component 1.5.6 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the subject parameter (title field) in a saveTicket action to index2.php. NOTE: some of these details are obtained from third party information.
CVSS Score
4.3
EPSS Score
0.004
Published
2011-09-14
SQL injection vulnerability in the JSupport (com_jsupport) component 1.5.6 for Joomla! allows remote authenticated users, with Public Back-end permissions, to execute arbitrary SQL commands via the alpha parameter in a (1) listTickets or (2) listFaqs action to administrator/index.php.
CVSS Score
6.0
EPSS Score
0.001
Published
2011-09-14
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.6.4 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the com_contact component, as demonstrated by the Itemid parameter to index.php; (2) the query string to the com_content component, as demonstrated by the filter_order parameter to index.php; (3) the query string to the com_newsfeeds component, as demonstrated by an arbitrary parameter to index.php; or (4) the option parameter in a reset.request action to index.php; and, when Internet Explorer or Konqueror is used, (5) allow remote attackers to inject arbitrary web script or HTML via the searchword parameter in a search action to index.php in the com_search component.
CVSS Score
4.3
EPSS Score
0.0
Published
2011-07-27
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URI to includes/application.php, reachable through index.php; and, when Internet Explorer or Konqueror is used, (2) allow remote attackers to inject arbitrary web script or HTML via the searchword parameter in a search action to index.php in the com_search component. NOTE: vector 2 exists because of an incomplete fix for CVE-2011-2509.5.
CVSS Score
4.3
EPSS Score
0.0
Published
2011-07-27