Joomla: >> Joomla! >> 13.1 Security Vulnerabilities
SQL injection vulnerability in helper/popup.php in the ccNewsletter (mod_ccnewsletter) component 1.0.7 through 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVSS Score
7.5
EPSS Score
0.007
Published
2012-08-14
The jNews (com_jnews) component 7.5.1 for Joomla! allows remote attackers to obtain sensitive information via the emailsearch parameter, which reveals the installation path in an error message.
CVSS Score
5.0
EPSS Score
0.003
Published
2012-08-13
Cross-site scripting (XSS) vulnerability in the Profile List in the Joomla Content Editor (JCE) component before 2.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the search parameter to administrator/index.php.
CVSS Score
4.3
EPSS Score
0.004
Published
2012-05-21
Unrestricted file upload vulnerability in editor/extensions/browser/file.php in the Joomla Content Editor (JCE) component before 2.1 for Joomla!, when chunking is set to greater than zero, allows remote authors to execute arbitrary PHP code by uploading a PHP file with a double extension as demonstrated by .jpg.pht.
CVSS Score
6.0
EPSS Score
0.006
Published
2012-05-21
Cross-site scripting (XSS) vulnerability in includes/convert.php in D-Mack Media Currency Converter (mod_currencyconverter) module 1.0.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the from parameter.
CVSS Score
4.3
EPSS Score
0.022
Published
2012-02-08
Unrestricted file upload vulnerability in models/importcsv.php in the Fabrik (com_fabrik) component before 2.1.1 for Joomla! allows remote authenticated users with Manager privileges to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.
CVSS Score
6.0
EPSS Score
0.014
Published
2011-12-25
Multiple SQL injection vulnerabilities in Vik Real Estate (com_vikrealestate) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) contract parameter in a results action and (2) imm parameter in a show action to index.php.
CVSS Score
7.5
EPSS Score
0.003
Published
2011-12-15
SQL injection vulnerability in the com_listing component in Barter Sites component 1.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter to index.php.
CVSS Score
7.5
EPSS Score
0.002
Published
2011-12-15
Multiple cross-site scripting (XSS) vulnerabilities in the com_listing component in Barter Sites component 1.3 for Joomla! allow remote authenticated users to inject arbitrary web script or HTML via the (1) listing_title, (2) description, (3) homeurl (aka Website Address), (4) paystring (aka Payment types accepted), (5) sell_price, (6) shipping_cost, and (7) quantity parameters to index.php.
CVSS Score
3.5
EPSS Score
0.002
Published
2011-12-15
SQL injection vulnerability in the HM Community (com_hmcommunity) component before 1.01 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a fnd_home action to index.php.
CVSS Score
7.5
EPSS Score
0.002
Published
2011-12-14