Multiple cross-site request forgery (CSRF) vulnerabilities in Joomla! before 1.5 RC4 allow remote attackers to (1) add a Super Admin, (2) upload an extension containing arbitrary PHP code, and (3) modify the configuration as administrators via unspecified vectors.
CVSS Score
6.8
EPSS Score
0.0
Published
2008-01-04
Cross-site scripting (XSS) vulnerability in the com_poll component in Joomla! before 1.5 RC4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
4.3
EPSS Score
0.0
Published
2008-01-04
Joomla! before 1.5 RC4 allows remote authenticated administrators to promote arbitrary users to the administrator group, in violation of the intended security model.
CVSS Score
6.5
EPSS Score
0.001
Published
2008-01-04
Unspecified vulnerability in Joomla! before 1.5 RC4 allows remote authenticated users to gain privileges via unspecified vectors, aka "registered user privilege escalation vulnerability."
CVSS Score
7.5
EPSS Score
0.002
Published
2008-01-04
Multiple SQL injection vulnerabilities in index.php in Joomla! 1.5 RC3 allow remote attackers to execute arbitrary SQL commands via (1) the view parameter to the com_content component, (2) the task parameter to the com_search component, or (3) the option parameter in a search action to the com_search component.
CVSS Score
7.5
EPSS Score
0.0
Published
2007-12-07
Multiple PHP remote file inclusion vulnerabilities in Michael Dempfle Joomla Flash Uploader (com_jfu or com_joomla_flash_uploader) 2.5.1 component for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) install.joomla_flash_uploader.php and (2) uninstall.joomla_flash_uploader.php.
CVSS Score
6.8
EPSS Score
0.003
Published
2007-10-14
PHP remote file inclusion vulnerability in admin.color.php in the com_colorlab (aka com_color) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
CVSS Score
6.8
EPSS Score
0.001
Published
2007-10-14
Cross-site scripting (XSS) vulnerability in the com_search component in Joomla! 1.0.13 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchword parameter. NOTE: this might be related to CVE-2007-4189.1.
CVSS Score
4.3
EPSS Score
0.004
Published
2007-10-12
PHP remote file inclusion vulnerability in admin.wmtrssreader.php in the webmaster-tips.net Flash RSS Reader (com_wmtrssreader) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
CVSS Score
6.8
EPSS Score
0.003
Published
2007-10-12
PHP remote file inclusion vulnerability in preview.php in the swMenuFree (com_swmenufree) 4.6 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: a reliable third party disputes this issue because preview.php tests a certain constant to prevent direct requests
CVSS Score
6.8
EPSS Score
0.0
Published
2007-10-12