Shodan
Vulnerabilities
Vulnerable Software
Joomla:  Security Vulnerabilities
CVE-2008-5200
SQL injection vulnerability in the Xe webtv (com_xewebtv) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
CVSS Score
7.5
EPSS Score
0.0
Published
2008-11-21
CVE-2008-5053
PHP remote file inclusion vulnerability in admin.rssreader.php in the Simple RSS Reader (com_rssreader) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
CVSS Score
10.0
EPSS Score
0.005
Published
2008-11-13
CVE-2008-5051
SQL injection vulnerability in the JooBlog (com_jb2) component 0.1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the PostID parameter to index.php.
CVSS Score
7.5
EPSS Score
0.002
Published
2008-11-13
CVE-2008-4777
SQL injection vulnerability in the Showroom Joomlearn LMS (com_lms) component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the cat parameter in a showTests task.
CVSS Score
7.5
EPSS Score
0.0
Published
2008-10-29
CVE-2008-4764
Directory traversal vulnerability in the eXtplorer module (com_extplorer) 2.0.0 RC2 and earlier in Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter in a show_error action.
CVSS Score
5.0
EPSS Score
0.019
Published
2008-10-28
CVE-2008-4668
Directory traversal vulnerability in the Image Browser (com_imagebrowser) 0.1.5 component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder parameter to index.php.
CVSS Score
9.0
EPSS Score
0.003
Published
2008-10-22
CVE-2008-4623
SQL injection vulnerability in the DS-Syndicate (com_ds-syndicate) component 1.1.1 for Joomla allows remote attackers to execute arbitrary SQL commands via the feed_id parameter to index2.php.
CVSS Score
7.5
EPSS Score
0.005
Published
2008-10-21
CVE-2008-4617
SQL injection vulnerability in the actualite module 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVSS Score
7.5
EPSS Score
0.001
Published
2008-10-20
CVE-2008-4102
Joomla! 1.5 before 1.5.7 initializes PHP's PRNG with a weak seed, which makes it easier for attackers to guess the pseudo-random values produced by PHP's mt_rand function, as demonstrated by guessing password reset tokens, a different vulnerability than CVE-2008-3681.
CVSS Score
7.5
EPSS Score
0.005
Published
2008-09-18
CVE-2008-4103
The mailto (aka com_mailto) component in Joomla! 1.5 before 1.5.7 sends e-mail messages without validating the URL, which allows remote attackers to transmit spam.
CVSS Score
5.0
EPSS Score
0.005
Published
2008-09-18


Products
Pricing
Contact Us

Shodan ® - All rights reserved