Shodan
Vulnerabilities
Vulnerable Software
Joomla:  Security Vulnerabilities
CVE-2008-6482
PHP remote file inclusion vulnerability in admin.treeg.php in the Flash Tree Gallery (com_treeg) component 1.0 for Joomla!, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the mosConfig_live_site parameter.
CVSS Score
6.8
EPSS Score
0.205
Published
2009-03-18
CVE-2008-6483
PHP remote file inclusion vulnerability in admin.googlebase.php in the Ecom Solutions VirtueMart Google Base (aka com_googlebase or Froogle) component 1.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVSS Score
7.5
EPSS Score
0.434
Published
2009-03-18
CVE-2008-6481
SQL injection vulnerability in the Versioning component (com_versioning) 1.0.2 in Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit task to index.php.
CVSS Score
7.5
EPSS Score
0.003
Published
2009-03-17
CVE-2008-6429
SQL injection vulnerability in the PrayerCenter (com_prayercenter) component 1.4.9 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view_request action to index2.php.
CVSS Score
7.5
EPSS Score
0.003
Published
2009-03-06
CVE-2008-6430
SQL injection vulnerability in the MyContent (com_mycontent) component 1.1.13 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.
CVSS Score
7.5
EPSS Score
0.0
Published
2009-03-06
CVE-2008-6347
PHP remote file inclusion vulnerability in lib/onguma.class.php in the Onguma Time Sheet (com_ongumatimesheet20) 2.0 4b component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVSS Score
7.5
EPSS Score
0.079
Published
2009-03-02
CVE-2008-6337
SQL injection vulnerability in the Volunteer Management System (com_volunteer) module 2.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the job_id parameter in a jobshow action to index.php.
CVSS Score
7.5
EPSS Score
0.005
Published
2009-02-27
CVE-2008-6299
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5.7 and earlier allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) the title and description parameters to the com_weblinks module and (2) unspecified vectors in the com_content module related to "article submission."
CVSS Score
3.5
EPSS Score
0.0
Published
2009-02-26
CVE-2008-6275
Cross-site scripting (XSS) vulnerability in the User Karma module 5.x before 5.x-1.13 and 6.x before 6.x-1.0-beta1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified messages.
CVSS Score
4.3
EPSS Score
0.004
Published
2009-02-25
CVE-2008-6276
Multiple SQL injection vulnerabilities in the User Karma module 5.x before 5.x-1.13 and 6.x before 6.x-1.0-beta1, a module for Drupal, allow remote authenticated administrators to execute arbitrary SQL commands via (1) a content type or (2) a voting API value.
CVSS Score
6.5
EPSS Score
0.004
Published
2009-02-25


Products
Pricing
Contact Us

Shodan ® - All rights reserved