Shodan
Vulnerabilities
Vulnerable Software
Joomla:  >> Joomla!  >> 1.6.3  Security Vulnerabilities
CVE-2009-4157
Multiple cross-site scripting (XSS) vulnerabilities in index.php in the ProofReader (com_proofreader) component 1.0 RC9 and earlier for Joomla! allow remote attackers to inject arbitrary web script or HTML via the URI, which is not properly handled in (1) 404 or (2) error pages.
CVSS Score
4.3
EPSS Score
0.002
Published
2009-12-02
CVE-2009-4104
SQL injection vulnerability in Lyften Designs LyftenBloggie (com_lyftenbloggie) component 1.0.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the author parameter to index.php.
CVSS Score
7.5
EPSS Score
0.004
Published
2009-11-29
CVE-2009-4094
PHP remote file inclusion vulnerability in class/php/d4m_ajax_pagenav.php in the D4J eZine (com_ezine) component 2.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path parameter.
CVSS Score
7.5
EPSS Score
0.009
Published
2009-11-29
CVE-2009-4057
SQL injection vulnerability in the inertialFATE iF Portfolio Nexus (com_if_nexus) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an item action to index.php.
CVSS Score
7.5
EPSS Score
0.005
Published
2009-11-24
CVE-2009-4059
SQL injection vulnerability in the JoomClip (com_joomclip) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a thumbs action to index.php.
CVSS Score
6.8
EPSS Score
0.005
Published
2009-11-24
CVE-2009-3964
SQL injection vulnerability in the NinjaMonials (com_ninjacentral) component 1.1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the testimID parameter in a display action to index.php.
CVSS Score
7.5
EPSS Score
0.003
Published
2009-11-18
CVE-2009-3971
SQL injection vulnerability in the jTips (com_jtips) component 1.0.7 and 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the season parameter in a ladder action to index.php.
CVSS Score
7.5
EPSS Score
0.004
Published
2009-11-18
CVE-2009-3972
SQL injection vulnerability in the Q-Proje Siirler Bileseni (com_siirler) component 1.2 RC for Joomla! allows remote attackers to execute arbitrary SQL commands via the sid parameter in an sdetay action to index.php.
CVSS Score
7.5
EPSS Score
0.004
Published
2009-11-18
CVE-2009-3817
PHP remote file inclusion vulnerability in doc/releasenote.php in the BookLibrary (com_booklibrary) component 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter, a different vector than CVE-2009-2637. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVSS Score
7.5
EPSS Score
0.011
Published
2009-10-28
CVE-2009-3822
PHP remote file inclusion vulnerability in Fiji Web Design Ajax Chat (com_ajaxchat) component 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path] parameter to tests/ajcuser.php.
CVSS Score
7.5
EPSS Score
0.016
Published
2009-10-28


Products
Pricing
Contact Us

Shodan ® - All rights reserved