Shodan
Vulnerabilities
Vulnerable Software
Joomla:  >> Joomla!  >> 2.5.19  Security Vulnerabilities
CVE-2010-4268
SQL injection vulnerability in the Pulse Infotech Flip Wall (com_flipwall) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
CVSS Score
7.5
EPSS Score
0.012
Published
2010-11-17
CVE-2010-4270
Directory traversal vulnerability in the nBill (com_netinvoice) component before 2.0.9 standard edition, 2.0.10 lite edition, and 1.2_10 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors related to (1) administrator/components/com_nbill/admin.nbill.php, (2) components/com_nbill/nbill.php, (3) administrator/components/com_netinvoice/admin.netinvoice.php, or (4) components/com_netinvoice/netinvoice.php, as exploited in the wild in November 2010.
CVSS Score
5.0
EPSS Score
0.006
Published
2010-11-17
CVE-2010-4272
SQL injection vulnerability in the Pulse Infotech Sponsor Wall (com_sponsorwall) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
CVSS Score
7.5
EPSS Score
0.011
Published
2010-11-17
CVE-2010-3426
Directory traversal vulnerability in jphone.php in the JPhone (com_jphone) component 1.0 Alpha 3 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
CVSS Score
7.5
EPSS Score
0.005
Published
2010-09-16
CVE-2010-3422
SQL injection vulnerability in the JGen (com_jgen) component 0.9.33 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.
CVSS Score
7.5
EPSS Score
0.003
Published
2010-09-16
CVE-2010-3211
Multiple SQL injection vulnerabilities in the JE FAQ Pro (com_jefaqpro) component 1.5.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via category categorylist operations with (1) the catid parameter or (2) the catid parameter in a lists action.
CVSS Score
7.5
EPSS Score
0.001
Published
2010-09-03
CVE-2010-3203
Directory traversal vulnerability in the PicSell (com_picsell) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dflink parameter in a prevsell dwnfree action to index.php.
CVSS Score
5.0
EPSS Score
0.023
Published
2010-09-03
CVE-2010-2923
SQL injection vulnerability in the YouTube (com_youtube) component 1.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id_cate parameter to index.php.
CVSS Score
7.5
EPSS Score
0.004
Published
2010-07-30
CVE-2010-2918
PHP remote file inclusion vulnerability in core/include/myMailer.class.php in the Visites (com_joomla-visites) component 1.1 RC2 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVSS Score
7.5
EPSS Score
0.016
Published
2010-07-30
CVE-2010-2919
SQL injection vulnerability in the StaticXT (com_staticxt) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
CVSS Score
7.5
EPSS Score
0.003
Published
2010-07-30


Products
Pricing
Contact Us

Shodan ® - All rights reserved