Shodan
Vulnerabilities
Vulnerable Software
Joomla:  >> Joomla!  >> 2.5.20  Security Vulnerabilities
CVE-2010-2848
Directory traversal vulnerability in assets/captcha/includes/alikon/playcode.php in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the l parameter.
CVSS Score
5.0
EPSS Score
0.032
Published
2010-07-25
CVE-2009-4946
Directory traversal vulnerability in the Messaging (com_messaging) component before 1.5.1 for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the controller parameter in a messages action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVSS Score
6.8
EPSS Score
0.002
Published
2010-07-22
CVE-2009-4938
SQL injection vulnerability in the JVideo! (com_jvideo) component 0.3.11c Beta and 0.3.x for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter in a user action to index.php.
CVSS Score
7.5
EPSS Score
0.003
Published
2010-07-22
CVE-2010-2694
SQL injection vulnerability in the redSHOP Component (com_redshop) 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter to index.php.
CVSS Score
7.5
EPSS Score
0.005
Published
2010-07-12
CVE-2010-2681
PHP remote file inclusion vulnerability in the SEF404x (com_sef) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig.absolute.path parameter to index.php.
CVSS Score
7.5
EPSS Score
0.003
Published
2010-07-12
CVE-2010-2682
Directory traversal vulnerability in the Realtyna Translator (com_realtyna) component 1.0.15 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
CVSS Score
7.5
EPSS Score
0.004
Published
2010-07-12
CVE-2010-2690
SQL injection vulnerability in the JOOFORGE Gamesbox (com_gamesbox) component 1.0.2, and possibly earlier, for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a consoles action to index.php.
CVSS Score
7.5
EPSS Score
0.003
Published
2010-07-12
CVE-2010-2680
Directory traversal vulnerability in the JExtensions JE Section/Property Finder (jesectionfinder) component for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the view parameter to index.php.
CVSS Score
6.8
EPSS Score
0.009
Published
2010-07-12
CVE-2010-2678
SQL injection vulnerability in xmap (com_xmap) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.
CVSS Score
7.5
EPSS Score
0.003
Published
2010-07-08
CVE-2010-2679
SQL injection vulnerability in the Weblinks (com_weblinks) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.
CVSS Score
7.5
EPSS Score
0.0
Published
2010-07-08


Products
Pricing
Contact Us

Shodan ® - All rights reserved